Modify ↓
#1677 closed defect (fixed)
Wiki diff and history allowed without WIKI_VIEW permission
Reported by: | anonymous | Owned by: | Jonas Borgström |
---|---|---|---|
Priority: | high | Milestone: | 0.9 |
Component: | wiki system | Version: | 0.8.2 |
Severity: | major | Keywords: | permission |
Cc: | Branch: | ||
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
A user (e.g. anonymous) with absolutely no WIKI_XXXX permissions can still access the history and diffs of wiki pages via…
http://.../trac/wiki/WikiPage?history=yes
http://.../trac/wiki/WikiPage?version=1&diff=yes
Attachments (0)
Change History (3)
comment:1 by , 20 years ago
comment:2 by , 19 years ago
Milestone: | → 0.9 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
This has been fixed for 0.9.
comment:3 by , 18 years ago
Keywords: | permission added; permissions security wiki removed |
---|
Note:
See TracTickets
for help on using tickets.
The permissions work correctly on the current trunk. I'm not sure if there's going to be an 0.8.4 release, but I'll leave this open for now.