Opened 10 years ago
Last modified 10 years ago
#11397 closed defect
TracAdmin allows attachment to be added to non-existent resource — at Version 2
Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
---|---|---|---|
Priority: | normal | Milestone: | 1.0.2 |
Component: | admin/console | Version: | |
Severity: | normal | Keywords: | attachment |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description (last modified by )
To reproduce:
trac-admin $ENV attachment add wiki:SomeNonExistentPage file
- Navigate to
/attachment/wiki/SomeNonExistentPage
and the attachment will be found
- Navigate to
/wiki/SomeNonExistentPage
to find the following:
Even worse, an attachment could be created for a non-existent realm:
$ trac-admin $ENV attachment add some:none file1
When attempting to view the attachment at the path /attachment/some/none/file1
, the permission check will fail: ATTACHMENT_VIEW privileges are required to perform this operation on Attachment 'file1' in some:none. You don't have the required permissions.. However, inspection of the database or execution of the trac-admin attachment list
command shows that the attachment exists.
Proposed changes can be found in log:rjollos.git:t11397. Besides the fix for the issue in this ticket, there is one additional change proposed:
- Raise an error if navigating to an attachment page for which the parent resource doesn't exist.
Change History (4)
by , 10 years ago
Attachment: | SomeNonExistentPage.png added |
---|
comment:1 by , 10 years ago
Component: | attachment → admin/console |
---|---|
Description: | modified (diff) |
Status: | new → assigned |
by , 10 years ago
Attachment: | WikiPage.png added |
---|
comment:2 by , 10 years ago
Description: | modified (diff) |
---|