Edgewall Software
Modify

Opened 20 years ago

Closed 19 years ago

Last modified 18 years ago

#1677 closed defect (fixed)

Wiki diff and history allowed without WIKI_VIEW permission

Reported by: anonymous Owned by: Jonas Borgström
Priority: high Milestone: 0.9
Component: wiki system Version: 0.8.2
Severity: major Keywords: permission
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description

A user (e.g. anonymous) with absolutely no WIKI_XXXX permissions can still access the history and diffs of wiki pages via…

http://.../trac/wiki/WikiPage?history=yes

http://.../trac/wiki/WikiPage?version=1&diff=yes

Attachments (0)

Change History (3)

comment:1 by Matthew Good, 20 years ago

The permissions work correctly on the current trunk. I'm not sure if there's going to be an 0.8.4 release, but I'll leave this open for now.

comment:2 by Christopher Lenz, 19 years ago

Milestone: 0.9
Resolution: fixed
Status: newclosed

This has been fixed for 0.9.

comment:3 by sid, 18 years ago

Keywords: permission added; permissions security wiki removed

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.