Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

MagentoConnect bug by parameter change .. possible exploit? 
 
jimmysp
Jr. Member
 
Total Posts:  7
Joined:  2009-03-15
Brasov
 

Hello,

while waiting for a new extension to be accepted I was playing a bit with the editing form.
I found out you can load the edit form for extensions published by other user accounts, which is pretty lame. I could find out this way details about extensions that will be published on Monday probably smile

So the latest published extension has id 1900. 1901 and 1902 are extensions published by me (below some more details).
And we have in queue 1903 - Photo Album/Gallery with Lightbox for Magento v1.4 (screenshot)
and 1904 - Custom address fields requirements (screenshot)

It’s not a big thingie, at least the save action deals with checking the user rights, and does not allow you to overwrite the information. OR NOT?!?

Now, back to my extensions:
I tried to publish that extension, I got a stupid error, and of course I searched in the forums, I found a guy who claimed it worked for him by changing the username, which I did but still didn’t work out.
I created a new account, I tried to upload again the extension, of course with the same error.

It was then that I tried to change the id, and i changed it with the id 1901, of my first pending extension, and it ALLOWS the new account to overwrite the info in the extension published by my first account.

Can anybody else reproduce this? Load this page and try to update the info.

And also maybe someone can help me with the error I’m getting. The publishing process lacks some usability.. it gives you a lousy error but does not tell you what caused it in detail, what you should do next, or if the extensions needs approval, or when it will be revised. So little documentation available about this :(

 
Magento Community Magento Community
Magento Community
Magento Community
 
Yoakim
Sr. Member
 
Total Posts:  126
Joined:  2008-11-24
 

Unfortunately I don’t have any remedy for your problem and mostly post to give heads up on what looks to be a very useful extenstion! Pitty it doesn’t work for you… I don’t want to test changing anything on that page in fear of screwing it up wink It’s been weekend so that’s maybe why there has been no response, as there must exist many ppl here with the ability to share their “know how” of getting extensions published, or it’s sad if they don’t want to…

One thing that came to mind in what may differ between you and that other guy that claimed success with same error, as I understand it he didn’t change username by creating a new account but made the change in the account, there are 2 values and both editable it appears, Username and Screen name. I’m just abit unsure on how to read what you did as you says you did the same as him and then you say you created a new account???

Just trying to bring some new energy in to it…

 
Magento Community Magento Community
Magento Community
Magento Community
 
jimmysp
Jr. Member
 
Total Posts:  7
Joined:  2009-03-15
Brasov
 
Yettyn - 07 September 2009 07:29 AM

Unfortunately I don’t have any remedy for your problem and mostly post to give heads up on what looks to be a very useful extenstion! Pitty it doesn’t work for you… I don’t want to test changing anything on that page in fear of screwing it up wink It’s been weekend so that’s maybe why there has been no response, as there must exist many ppl here with the ability to share their “know how” of getting extensions published, or it’s sad if they don’t want to…

You might add a word TEST in the beginning of the description smile

Yettyn - 07 September 2009 07:29 AM

One thing that came to mind in what may differ between you and that other guy that claimed success with same error, as I understand it he didn’t change username by creating a new account but made the change in the account, there are 2 values and both editable it appears, Username and Screen name....

Thanks, but first I changed the username in my first account, after that I created a new account and tried to upload the same extension, with a new name (because the original name is locked by my first try - ID 1901)

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top