Ticket #3479 (closed defect: duplicate)

Opened 5 years ago

Last modified 1 year ago

ignores user privileges settings

Reported by: anonymous Assigned to: coderanger
Priority: normal Component: IncludeMacro
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage?.

I am using Trac 0.11b2.

Attachments

Change History

07/30/08 12:33:11 changed by anonymous

  • release changed from 0.10 to 0.11.

05/16/12 07:51:42 changed by rjollos

  • status changed from new to closed.
  • resolution set to duplicate.

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Add/Change #3479 (ignores user privileges settings)




Change Properties
Action