P I

Source code checked in, #11597

DaveMo — Sun, 08 Jun 2008 23:43:24 GMT

Fix for permissions problem (regular user could not access root site properties)

Source code checked in

DaveMo — Wed, 12 Mar 2008 03:07:56 GMT

Tidy up code for external release

Source code checked in

DaveMo — Tue, 11 Mar 2008 03:52:29 GMT

Fix for build break

COMMENTED ISSUE: POST: AEU broken

KevinE — Fri, 29 Feb 2008 21:53:30 GMT

Trying to add a new (unprovisioned) user to a page but when I click on the provision link I get "General access denied error". ADAM is on the same box as SP but it is using the service account as SQL is on a diff box. The user IS added to ADAM and appears in the to be approved list but has "No Requestor" in the requestor field.
Comments: ** Comment from web user: KevinE **

Line 510 of ExternalCollaboration is throwing an access denied exception (um.setProvisioner)

CREATED ISSUE: POST: AEU broken

KevinE — Fri, 29 Feb 2008 20:39:19 GMT

Source code checked in

billcan — Fri, 29 Feb 2008 01:53:16 GMT

First stab at removing all traces of Microsoft from code. Also, changed GUIDs for installer package and product.

Source code checked in

jeffreyhamblin — Fri, 29 Feb 2008 00:12:16 GMT

make the cUserManager class contain reverts and add some helper routines. Modify web parts to be more impersonate-agnostic.

CREATED ISSUE: SEC: UM delete user doesn't remove users from sites

KevinE — Fri, 22 Feb 2008 23:54:49 GMT

When a user request is denied they are removed from any sites they had been added too. However when a user is deleted using the User Manager they are NOT removed from any sites.

CLOSED ISSUE: SEC: HTML Encode for Update my profile/User Manager

KevinE — Fri, 22 Feb 2008 22:33:28 GMT

We need to make sure input from the user is not displayed unfiltered on the admin's browser.
Comments: Verified. Build 9687

CLOSED ISSUE: SEC: Old password can match new password

KevinE — Fri, 22 Feb 2008 22:32:34 GMT

We are using the wrong change password method on changeqa...
Comments: Verified. Build 9687

CLOSED ISSUE: SEC: Cross-Site-Scripting issue, Update My Account Profile page.

KevinE — Fri, 22 Feb 2008 22:26:32 GMT

The Update My Account Profile page is allowing HTML code to be input in the profile data and displayed on the User Manager.
Comments: Verified. Build 9687

CREATED ISSUE: SEC: Cross-Site-Scripting issue, Update My Account Profile page.

KevinE — Fri, 22 Feb 2008 22:26:21 GMT

The Update My Account Profile page is allowing HTML code to be input in the profile data and displayed on the User Manager.

CLOSED ISSUE: SEC: Can change password without entering old password

KevinE — Fri, 22 Feb 2008 22:22:25 GMT

On the update profile page.
Comments: Verified. Build 9687

CREATED ISSUE: SEC: Min age password policy

KevinE — Thu, 21 Feb 2008 01:00:48 GMT

If the domain password policy has a minimum age then the user's CANNOT change their password until that min age has expired. This will effect our first time login process, especially if user workflow is turned off. Basically the scenario is a user get's added to a site (approved if WF on) and before the min age has expired they try to login for the first time. ADAM will not allow them too reset their password when they get to the Update Profile part of their first time login. If everybody will have a day or more gap between creating new users and their first login this is a non issue.

Source code checked in

billcan — Wed, 20 Feb 2008 19:53:27 GMT

Removed reference for ActiveDS.

CREATED ISSUE: SEC: HTML Encode for Update my profile/User Manager

billcan — Wed, 20 Feb 2008 18:47:05 GMT

We need to make sure input from the user is not displayed unfiltered on the admin's browser.

COMMENTED ISSUE: SEC: Old password can match new password

DaveMo — Wed, 20 Feb 2008 18:43:57 GMT

We are using the wrong change password method on changeqa...
Comments: CS 9763 - Changed SetPassword to ChangePassword and added error text to resource files.

COMMENTED ISSUE: SEC: Can change password without entering old password

DaveMo — Wed, 20 Feb 2008 18:43:26 GMT

On the update profile page.
Comments: CS 9763 - Changed SetPassword to ChangePassword and added error text to resource files.

Source code checked in

DaveMo — Wed, 20 Feb 2008 18:41:15 GMT

5466 & 5467 - The problems indicated with these bugs are a result of using ADSI SetPassword instead of ChangePassword. Now using ChangePassword. Add resource error messages that attempt to describe what a "constraint violation" might be.

CREATED ISSUE: SEC: Can change password without entering old password

billcan — Wed, 20 Feb 2008 18:29:20 GMT

On the update profile page.