Surveys problem?

Dan Mitchell Manila-Newbies@userland.com
Tue, 03 Dec 2002 10:54:15 -0800


> This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

--B_3121757656_5808043
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

Lawrence:

I=B9ll check this out and let you know. I didn=B9t actually see the problem =AD h=
e
just reported it via email.

Thanks.

Dan

On 12/2/02 3:50 PM, "Lawrence Lee" <lawrence@userland.com> wrote:

> Does he see the Editors Only menubar on the site? I tried the same thing =
on a
> test Manila site and wasn't able to edit/delete a survey while logged out=
 or
> signed in a regular member.
> =20
> Lawrence
>> -----Original Message-----
>> From: manila-newbies-admin@userland.com
>> [mailto:manila-newbies-admin@userland.com] On Behalf Of Dan Mitchell
>> Sent: December 2, 2002 1:29 PM
>> To: Manila-Newbies
>> Subject: Surveys problem?
>>=20
>> One of my web-savvy students today told me that he was able to make the =
edit
>> link work on one of my sites by substituting the word EDIT in the RUN ur=
l. He
>> also was able to substitute DELETE! Yikes!
>>=20
>> Hi is logged in as a site member, but not as an editor of any sort.
>>=20
>> Further explanation:
>>=20
>> This link appears to him when he goes to the survey page:
>>  =20
>> http://www.domain.com/music1/surveys/run/dan@mitchell.fhda.edu/howHighIs=
TheSk
>> y001
>>=20
>> He can change it manually to
>>=20
>> http://www.domain.com/music1/surveys/EDIT/dan@mitchell.fhda.edu/howHighI=
sTheS
>> ky001
>> or
>> http://www.domain.com/music1/surveys/DELETE/dan@mitchell.fhda.edu/howHig=
hIsTh
>> eSky001
>>=20
>> and it works!=20
>>=20
>> Not good, right?
>>=20
>> Dan
>=20


--

d    a    n        m    i    t    c    h    e    l    l

music department | de anza college
http://faculty.deanza.fhda.edu/mitchelldan/
office: 408.864.8511
apple distinguished educator | class of 2000

Please address all college email to: mitchelldan AT deanza dot edu
(Replace =B3AT=B2 with =B3@=B2 and =B3dot=B2 with =B3.=B2 to form the email address.)


--B_3121757656_5808043
Content-type: text/html; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable

<HTML>
<HEAD>
<TITLE>Re: Surveys problem?</TITLE>
</HEAD>
<BODY>
<FONT FACE=3D"Verdana">Lawrence:<BR>
<BR>
I&#8217;ll check this out and let you know. I didn&#8217;t actually see the=
 problem &#8211; he just reported it via email.<BR>
<BR>
Thanks.<BR>
<BR>
Dan<BR>
<BR>
On 12/2/02 3:50 PM, &quot;Lawrence Lee&quot; &lt;lawrence@userland.com&gt; =
wrote:<BR>
<BR>
</FONT><BLOCKQUOTE><FONT COLOR=3D"#0000FF"><FONT SIZE=3D"2"><FONT FACE=3D"Arial">=
Does he see the Editors Only menubar on the site? I tried the same thing on =
a test Manila site and wasn't able to edit/delete a survey while logged out =
or signed in a regular member.<BR>
</FONT></FONT></FONT><FONT FACE=3D"Verdana"> <BR>
</FONT><FONT COLOR=3D"#0000FF"><FONT SIZE=3D"2"><FONT FACE=3D"Arial">Lawrence<BR>
</FONT></FONT></FONT><BLOCKQUOTE><FONT SIZE=3D"2"><FONT FACE=3D"Tahoma">-----Or=
iginal Message-----<BR>
<B>From:</B> <FONT COLOR=3D"#0000FF"><U>manila-newbies-admin@userland.com</U>=
</FONT> [<FONT COLOR=3D"#0000FF"><U>mailto:manila-newbies-admin@userland.com</=
U></FONT>] <B>On Behalf Of </B>Dan Mitchell<BR>
<B>Sent:</B> December 2, 2002 1:29 PM<BR>
<B>To:</B> Manila-Newbies<BR>
<B>Subject:</B> Surveys problem?<BR>
<BR>
</FONT></FONT><FONT FACE=3D"Verdana">One of my web-savvy students today told =
me that he was able to make the edit link work on one of my sites by substit=
uting the word EDIT in the RUN url. He also was able to substitute DELETE! Y=
ikes!<BR>
<BR>
Hi is logged in as a site member, but not as an editor of any sort. &nbsp;<=
BR>
<BR>
Further explanation:<BR>
<BR>
This link appears to him when he goes to the survey page:<BR>
</FONT><FONT COLOR=3D"#0000FF"><FONT SIZE=3D"2"><FONT FACE=3D"Arial"> &nbsp;<BR>
</FONT></FONT><FONT FACE=3D"Arial"><U>http://www.domain.com/music1/surveys/ru=
n/dan@mitchell.fhda.edu/howHighIsTheSky001<BR>
</U></FONT></FONT><FONT FACE=3D"Arial"><BR>
He can change it manually to<BR>
<BR>
<FONT COLOR=3D"#0000FF"><U>http://www.domain.com/music1/surveys/EDIT/dan@mitc=
hell.fhda.edu/howHighIsTheSky001<BR>
</U></FONT>or<BR>
<FONT COLOR=3D"#0000FF"><U>http://www.domain.com/music1/surveys/DELETE/dan@mi=
tchell.fhda.edu/howHighIsTheSky001<BR>
<BR>
</U></FONT>and it works! <BR>
<BR>
Not good, right?<BR>
<BR>
Dan<BR>
</FONT></BLOCKQUOTE><FONT FACE=3D"Verdana"><BR>
</FONT></BLOCKQUOTE><FONT FACE=3D"Verdana"><BR>
<BR>
--<BR>
<HR ALIGN=3DCENTER SIZE=3D"3" WIDTH=3D"95%"><FONT COLOR=3D"#333333"><B>d &nbsp;&nbs=
p;&nbsp;a &nbsp;&nbsp;&nbsp;n &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;m &n=
bsp;&nbsp;&nbsp;i &nbsp;&nbsp;&nbsp;t &nbsp;&nbsp;&nbsp;c &nbsp;&nbsp;&nbsp;=
h &nbsp;&nbsp;&nbsp;e &nbsp;&nbsp;&nbsp;l &nbsp;&nbsp;&nbsp;l<BR>
</B><BR>
music department | de anza college<BR>
</FONT><FONT COLOR=3D"#0000FF"><U>http://faculty.deanza.fhda.edu/mitchelldan/=
<BR>
</U></FONT><FONT COLOR=3D"#333333">office: 408.864.8511<BR>
apple distinguished educator | class of 2000<BR>
<HR ALIGN=3DCENTER SIZE=3D"3" WIDTH=3D"95%"></FONT><B>Please address all college =
email to: <I>mitchelldan AT deanza dot edu<BR>
</I>(Replace &#8220;AT&#8221; with &#8220;@&#8221; and &#8220;dot&#8221; wi=
th &#8220;.&#8221; to form the email address.)</B><BR>
</FONT>
</BODY>
</HTML>


--B_3121757656_5808043--