View Issue Details

ID: 0002224
Type: defect
Category: [Openbravo ERP] C. Security
Severity: minor
Reproducibility: always
Date Submitted: 2007-11-01 21:28
Last Update: 2008-11-26 14:02
Reporter: pjuvara
View Status: public
Assigned To: alostale
Priority: normal
Resolution: fixed
Fixed in Version: 2.40alpha-r2
Status: closed
Fix in branch:
Fixed in SCM revision:
Projection: none
ETA: none
Target Version:
OS: Any
Database: Any
Java version:
OS Version:
Database version:
Ant version:
Product Version:
SCM revision:
Merge Request Status:
Review Assigned To:
OBNetwork customer: No
Web browser:
Modules: Core
Support ticket:
Regression level:
Regression date:
Regression introduced in release:
Regression introduced by commit:
Triggers an Emergency Pack: No

Summary: 0002224: AT235: Users with two clients see transactions in wrong one

Description

Problem Description
===================
A user having access to two clients (client A and client B) can see a transaction created in one client from the other client.

Environment
===========
2.35 Acceptance Testing
Postgre

How To Reproduce
================
In a standard installation with BigBazaar client, create a second client and call it ClientB.
In ClientB, create a sales order header and save it.
Without logging out, switch role to BigBazaar Admin and navigate to the sales order window.
The window behavior is such that it queries back the last transaction queried by the user, regardless of the client context.
As a result, the sales order created in ClientB is retrieved in BigBazaar client.

Notes
=====
This is not a security issue since the user has access to that transaction in the first place, but further attempts to process that transaction might give unpredictable results and cause data corruption.

Tags: No tags attached.

Notes
(0002584)
psarobe (viewer)
2008-01-24 09:53
edited on: 2008-06-12 09:23

Logged In: YES
user_id=1500703
Originator: NO

Regarding this:

Also check this issue.

Environment
===========
2.35 ORACLE, Linux

Steps to reproduce
==================
-Working with two clients: Client A and Client B
-One of the clients, e.g. Client A, must have a preference for the Sales Order window where the attribute must be C_DOCTYPETARGET_ID, with the value being the ID of the document type "Standard order" for Client A
-To do this, go to General Setup->Application->Preferences
-Then log in with Client B and go to Financial management->Accounting->Setup->Document type and see which document type has the "Default" check marked. If it is "Standard Order" or "Returned material", then unmark it. Mark another one, for example Warehouse order
-Log out and log in again with Client B and go to Sales management->Transactions->Sales order
-Click new and see if the value in the Transaction document is "Warehouse Order". Then OK
-Now log out and log in with Client A and go to Sales management->Transactions->Sales order
-Click new and see if the value in the Transaction document is Standard order. Then OK
-Now log out and log in again with Client B and go to Sales management->Transactions->Sales order
-Click new and see if the value in the Transaction document is "Return material". If it is, then it's wrong because it has to be "Warehouse Order".

This happens because, although I log in with Client B, I logged in before with Client A, and the values for Client A still remain in the session instead of being removed when I log in with another client (Client B).
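
The behaviour described in the report and in note 0002584, as an added example that is not part of the original issue and not Openbravo's code: a constructed Python model of a session whose remembered window values survive a client switch, next to a variant that clears them on the switch and scopes them by client. All class, function and record names are hypothetical.

```python
# Constructed model of per-session window state; not Openbravo's code.
# All names here (LeakySession, ScopedSession, ORDERS, ...) are hypothetical.

# Constructed sample data: sales order id -> owning client.
ORDERS = {"SO-1001": "BigBazaar", "SO-2001": "ClientB"}


class LeakySession:
    """Remembers the last record per window, ignoring the client context."""

    def __init__(self, client):
        self.client = client
        self.values = {}

    def switch_client(self, client):
        self.client = client  # remembered values are left in the session

    def remember(self, window, record_id):
        self.values[window] = record_id

    def restore(self, window):
        return self.values.get(window)


class ScopedSession(LeakySession):
    """Clears state on a client switch and scopes what it stores by client."""

    def switch_client(self, client):
        self.values.clear()  # drop everything tied to the previous client
        self.client = client

    def remember(self, window, record_id):
        self.values[(self.client, window)] = record_id

    def restore(self, window):
        record_id = self.values.get((self.client, window))
        # Defence in depth: never reopen a record owned by another client.
        if record_id is not None and ORDERS.get(record_id) != self.client:
            return None
        return record_id


def reproduce(session_cls):
    """Replay the report: save in ClientB, switch to BigBazaar, reopen window."""
    session = session_cls("ClientB")
    session.remember("SalesOrder", "SO-2001")
    session.switch_client("BigBazaar")
    return session.restore("SalesOrder")
```

`reproduce(LeakySession)` returns the ClientB order while the active client is BigBazaar; `reproduce(ScopedSession)` returns nothing, so the window opens without a foreign record.
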
(0002585)
alostale (viewer)
2008-05-12 10:21
edited on: 2008-06-12 09:23

Logged In: YES
user_id=1500722
Originator: NO

This is fixed within the security review project.
(0005813)
user71
2005-06-01 00:00
edited on: 2008-06-12 09:43

This bug was originally reported in SourceForge bug tracker and then migrated to Mantis.

You can see the original bug report in:
https://sourceforge.net/support/tracker.php?aid=1824278

Issue History

Date Modified      Username  Field               Change
2008-11-26 14:02   psarobe   Regression testing  => No
2008-11-26 14:02   psarobe   Status              resolved => closed