Commit 76caf9a

Merge pull request #13932 from craftcms/bugfix/element-pe
Fixed a potential privilege escalation bug
2 parents d29a74a + db5fff9 commit 76caf9a

File tree: 2 files changed, +9 −3 lines changed


Diff for: CHANGELOG.md

+1-1
@@ -11,7 +11,7 @@
1111
- Fixed a bug where dropdown option labels within Table fields weren’t getting translated. ([#13914](https://github.com/craftcms/cms/issues/13914))
1212
- Fixed a bug where “Updating search indexes” jobs were getting queued for Matrix block revisions. ([#13917](https://github.com/craftcms/cms/issues/13917))
1313
- Fixed a bug where control panel resources weren’t getting published on demand. ([#13935](https://github.com/craftcms/cms/issues/13935))
14-
- Fixed a privilege escalation vulnerability.
14+
- Fixed privilege escalation vulnerabilities.
1515

1616
## 4.5.10 - 2023-11-07
1717

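Review bot: the new changelog entry "Fixed privilege escalation vulnerabilities." is the only entry in this hunk without a reference, while the surrounding entries each link an issue number; if a security advisory or CVE exists for these fixes, link it here (if none exists, say so in the PR), otherwise readers cannot tell which releases are affected or what the vulnerabilities were.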
Diff for: src/controllers/ElementsController.php

+8-2
@@ -1103,11 +1103,17 @@ public function actionSave(): ?Response
11031103
}
11041104

11051105
$this->element = $element;
1106-
1107-
$this->_applyParamsToElement($element);
11081106
$elementsService = Craft::$app->getElements();
11091107
$user = static::currentUser();
11101108

1109+
// Check save permissions before and after applying POST params to the element
1110+
// in case the request was tampered with.
1111+
if (!$elementsService->canSave($element, $user)) {
1112+
throw new ForbiddenHttpException('User not authorized to save this element.');
1113+
}
1114+
1115+
$this->_applyParamsToElement($element);
1116+
11111117
if (!$elementsService->canSave($element, $user)) {
11121118
throw new ForbiddenHttpException('User not authorized to save this element.');
11131119
}

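Review bot: both canSave() checks throw a ForbiddenHttpException with the identical message 'User not authorized to save this element.', so a log entry cannot show whether the user was refused on the stored element (first check, before _applyParamsToElement()) or only after the POST params were applied (second check); give the second throw a distinct message, e.g. 'User not authorized to save this element with the submitted changes.', or factor the check into a small helper that takes the message. The new comment could also state the threat more precisely than "in case the request was tampered with": the pre-apply check rejects users who may not save the element as stored, and the retained post-apply check rejects params that would turn the element into one the user may not save.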