SVN checkin comments float up past svn:authz barrier.
|Reported by:||Owned by:||Remy Blank|
|Severity:||major||Keywords:||svnauthz, multirepos, authzsourcepolicy|
Our SVN repo contains private client areas. With Trac and SVN logins using the same password file, it's awesome that the Trac browser won't show the private areas to those people who don't have the privileges to look at them. However, unfortunately, when browsing a public parent directory of a private area, one can always see the last checkin comment in its subtree, even if the changes were entirely in a subtree in which one doesn't have read privileges.
Change History (32)
comment:4 Changed 9 years ago by
|Owner:||changed from Christian Boos to Remy Blank|
comment:21 Changed 8 years ago by
|Keywords:||svnauthz multirepos added; review removed|
|Milestone:||0.11.6 → 0.12|
|Owner:||changed from Remy Blank to Christian Boos|