#11397 closed defect (fixed)
TracAdmin allows attachment to be added to non-existent resource — at Version 3
| Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
|---|---|---|---|
| Priority: | normal | Milestone: | 1.0.2 |
| Component: | admin/console | Version: | |
| Severity: | normal | Keywords: | attachment |
| Cc: | Branch: | ||
| Release Notes: |
Raise an exception when adding an attachment through trac-admin if the parent resource doesn't exist. Raise an error if navigating to an attachment page for which the parent resource doesn't exist. |
||
| API Changes: | |||
| Internal Changes: | |||
Description (last modified by )
To reproduce:
trac-admin $ENV attachment add wiki:SomeNonExistentPage file- Navigate to
/attachment/wiki/SomeNonExistentPageand the attachment will be found
- Navigate to
/wiki/SomeNonExistentPageto find the following:
Even worse, an attachment could be created for a non-existent realm:
$ trac-admin $ENV attachment add some:none file1
When attempting to view the attachment at the path /attachment/some/none/file1, the permission check will fail: ATTACHMENT_VIEW privileges are required to perform this operation on Attachment 'file1' in some:none. You don't have the required permissions.. However, inspection of the database or execution of the trac-admin attachment list command shows that the attachment exists.
Proposed changes can be found in log:rjollos.git:t11397. Besides the fix for the issue in this ticket, there is one additional change proposed:
- Raise an error if navigating to an attachment page for which the parent resource doesn't exist.
Change History (5)
by , 10 years ago
| Attachment: | SomeNonExistentPage.png added |
|---|
comment:1 by , 10 years ago
| Component: | attachment → admin/console |
|---|---|
| Description: | modified (diff) |
| Status: | new → assigned |
by , 10 years ago
| Attachment: | WikiPage.png added |
|---|
comment:2 by , 10 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 10 years ago
| Release Notes: | modified (diff) |
|---|---|
| Resolution: | → fixed |
| Status: | assigned → closed |
Committed to 1.0-stable in [12330] and merged to trunk in [12331].