Zeta Bug Report!!
Problem: A user with View privileges to a File/Folder can move said File/Folder thus causing a non-read action known as a delete to the file.
Explanation: The Move command was created by duplicating the copy command and making the needed changes. Unfortunately 2 lines too many where re-used, specifically in the database install scripts.
Fix: Delete the privledge entry from the database using the following SQL queries (Works on MySQL)
DELETE FROM `bh2_modulesaccesslevel` WHERE CONVERT(`bh2_modulesaccesslevel`.`module` USING utf8) = ‘movefolder’ AND CONVERT(`bh2_modulesaccesslevel`.`accesslevel` USING utf8) = ‘1′ AND CONVERT(`bh2_modulesaccesslevel`.`status` USING utf8) = ‘1′ LIMIT 1;
AND
DELETE FROM `bh2_modulesaccesslevel` WHERE CONVERT(`bh2_modulesaccesslevel`.`module` USING utf8) = ‘move’ AND CONVERT(`bh2_modulesaccesslevel`.`accesslevel` USING utf8) = ‘1′ AND CONVERT(`bh2_modulesaccesslevel`.`status` USING utf8) = ‘1′ LIMIT 1;
Or in simpler SQL command…
DELETE FROM `bh2_modulesaccesslevel` WHERE `bh2_modulesaccesslevel`.`module` = ‘movefolder’ AND `bh2_modulesaccesslevel`.`accesslevel` = ‘1′ AND `bh2_modulesaccesslevel`.`status` = ‘1′;
and
DELETE FROM `bh2_modulesaccesslevel` WHERE `bh2_modulesaccesslevel`.`module` = ‘move’ AND `bh2_modulesaccesslevel`.`accesslevel` = ‘1′ AND `bh2_modulesaccesslevel`.`status` = ‘1′;
Out Come: Future software releases – Release B and above will have this issue resolved. ETA August 25, 2009 (with additional improvements).
Apology: We sincerely apologize for any inconvenience which this bug may affect you with.
Gratitude: We thank you for your patrionage.