
 User ID mixup, Bug in the admin cp
#
Wow. I have a log of every attempt she made on that edit at the moment, and the result that the server received submitted from her web browser was literally in the input... it's the same "copied" details we've been on about.

I strongly concur with her suspicion of auto fill. Also, the password line is filled out and being submitted, which accounts for the password changes you're seeing.

I have a hypothesis. Some time ago, she changed the password of this user and the combination of password and email on the edit member form combined with an auto fill extension (or feature) is triggering a silent overwrite of data on this page. It's as if it saved email + password + everything else. I would be extremely interested to know if there is any auto fill data saved for the email associated with these issues.

Based on this I think we are pretty safe to say that the problem here has been isolated. It's not an SQL injection, or hack, or anything like that. Input here is coming directly from her browser. How though? No idea, very interested in hearing so that if it's possible to mitigate this from our end we will. As long as she keeps away from the edit page with the affected browser your members should be good to go and we can continue to work on this here.

signature
email: admin@jcink.com :: blog: John C.
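
One way a forum backend could guard an edit-member form against the autofill overwrite hypothesised in the post above, as an added example that is not part of the original thread and is not Jcink's code. The `Member` type, the `change_password` opt-in field and all sample values are assumptions constructed for illustration.

```python
# Added example: every name here is hypothetical, not the forum software's API.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Member:
    user_id: int
    name: str
    email: str
    title: str


def apply_member_edit(admin: Member, target: Member, form: dict):
    """Apply an admin's edit of `target`.

    Returns (updated_member, password_change_accepted, rejected_fields).
    """
    rejected = []
    changes = {}
    for field in ("name", "email", "title"):
        submitted = form.get(field, "").strip()
        if not submitted or submitted == getattr(target, field):
            continue  # empty or unchanged: nothing to apply
        # Symptom from the thread: the acting admin's own saved details
        # arrive in the form for a *different* member. Treat as autofill.
        if (target.user_id != admin.user_id
                and field in ("name", "email")
                and submitted.lower() == getattr(admin, field).lower()):
            rejected.append(field)
            continue
        changes[field] = submitted

    # A filled password box alone never changes a password; the admin must
    # also tick an explicit opt-in control (assumed field: change_password).
    opted_in = form.get("change_password") == "1"
    if form.get("password") and not opted_in:
        rejected.append("password")
    password_change = opted_in and bool(form.get("password"))

    return replace(target, **changes), password_change, rejected
```
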
#
InCausa - Today at 12:03 AM
also Wicked , tell John, if it is relevant, that I have a LastPass on Chrome so idk if that may have done something
Ah sorry I only noticed your post just now, didn't realize we had reached the 2nd page, haha! Anyway, I'll forward the information and we'll discuss what you said and I'll get back to you.

We can't stop laughing at how she's managed to do something like this that you've never seen before. Glad to be your test subject, however, so we can avoid this happening for anyone else in the future if possible.

This post has been edited by Wicked: Mar 1 2018, 05:10 PM
#
In Chrome, the Incognito Mode disables all add-ons and extensions – but you can also enable or disable extensions & add-ons manually if you want to run Chrome in Safe Mode. I would try incognito first to see if it makes a difference.

She needs to disable all extensions or do it one by one to try to isolate the issue.

#
InCausa - Today at 12:18 AM
ok so there WAS autofill data that got mixed up in the process. Why? I have no clue, it never did it before. But I turned it off now completely tho it still shows autofilled sections on the site so not gonna touch anything on over Chrome still :joy:
but we shall dig up more

We're looking into this as a group right now. Updating you soon again as we find out more!
InCausa - Today at 12:44 AM
okay investigating, back to you in a min
alright so
update
It might have been some sort of collision between Chrome's Autofill option and LastPass. I've disabled Chrome's autofill, cleared cookies and cache and tweaked LastPass options to have more control over empty fields it detects. I tried to check a few users not affected by the issue, and it now no longer shows wrong data on the Admin CP.
Wicked - Today at 1:02 AM
Omg amazing
InCausa - Today at 1:02 AM
Okay and second test, I did an experimental change on Dano's member title to "bear". Edit went fine without breaking anything else or returning to "Duelling Captain". Also did not affect other accounts/fields
Wicked - Today at 1:03 AM
I'll forward this
InCausa - Today at 1:03 AM
so I'd say it is fixed
or as Dano says "feex"
InCausa - Today at 1:05 AM
Usually LastPass only fills in my username and pass (ofc) but I am guessing all the different fields in Admin CP made it go haywire with the options it had before we tweaked them now

Alright, so I'd consider this problem now solved! Thank you from the bottom of my heart for all the help, effort and time you and possibly some of your team put together to solve this bug together with us!

If you still need the Test account for more data let me know. If not, I'll take it down.

Again, thank you very much! :)

This post has been edited by Wicked: Mar 1 2018, 06:07 PM
#
No problem. I am glad that this is sorted and just turned out to be a glitch with LastPass then and not something greater.

Thanks for keeping me in the loop and it's great that we got to the bottom of this for future reference.

Yes, you may demote my test account now.
