Context Navigation

Modify ↓

#315 closed defect (fixed)

semi-bypass security

Reported by:	matt@…	Owned by:	Jonas Borgström
Priority:	normal	Milestone:	0.7
Component:	wiki system	Version:	devel
Severity:	normal	Keywords:
Cc:		Branch:
Release Notes:
API Changes:
Internal Changes:

Description

On a default, clean trac instance I issued the command "permission remove anonymous WIKI_MODIFY". The "Edit This Page" and "Attach File" links correctly disappear but appending an edit=1 query parameter to a wiki URL displays the edit page.

Note that submitting a changed wiki page does display an error so all it well in the end :).

Attachments (0)

Change History (2)

comment:1 by Jonas Borgström, 22 years ago

Milestone:	→ 0.7
Status:	new → assigned

comment:2 by Jonas Borgström, 22 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed in [471].

Modify Ticket

Change Properties

Summary:
Description:	On a default, clean trac instance I issued the command "permission remove anonymous WIKI_MODIFY". The "Edit This Page" and "Attach File" links correctly disappear but appending an edit=1 query parameter to a wiki URL displays the edit page. Note that submitting a changed wiki page does display an error so all it well in the end :). You may use WikiFormatting here.
Type:		Priority:
Milestone:		Component:
Version:		Severity:
Keywords:		Cc:	Set your email in Preferences
Branch:
Release Notes:
API Changes:
Internal Changes:

Action

leave as closed The owner will remain Jonas Borgström.

reopen The resolution will be deleted. Next status will be 'reopened'.

change ownership to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: