Opened 10 years ago
Last modified 10 years ago
#11397 closed defect
TracAdmin allows attachment to be added to non-existent resource — at Version 2
| Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.0.2 |
| Component: | admin/console | Version: | |
| Severity: | normal | Keywords: | attachment |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
To reproduce:
trac-admin $ENV attachment add wiki:SomeNonExistentPage file- Navigate to
/attachment/wiki/SomeNonExistentPageand the attachment will be found
- Navigate to
/wiki/SomeNonExistentPageto find the following:
Even worse, an attachment could be created for a non-existent realm:
$ trac-admin $ENV attachment add some:none file1
When attempting to view the attachment at the path /attachment/some/none/file1, the permission check will fail: ATTACHMENT_VIEW privileges are required to perform this operation on Attachment 'file1' in some:none. You don't have the required permissions.. However, inspection of the database or execution of the trac-admin attachment list command shows that the attachment exists.
Proposed changes can be found in log:rjollos.git:t11397. Besides the fix for the issue in this ticket, there is one additional change proposed:
- Raise an error if navigating to an attachment page for which the parent resource doesn't exist.
Change History (4)
by , 10 years ago
| Attachment: | SomeNonExistentPage.png added |
|---|
comment:1 by , 10 years ago
| Component: | attachment → admin/console |
|---|---|
| Description: | modified (diff) |
| Status: | new → assigned |
by , 10 years ago
| Attachment: | WikiPage.png added |
|---|
comment:2 by , 10 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
