Context Navigation

← Previous Ticket
Next Ticket →

Modify ↓

#3479 closed defect (duplicate)

ignores user privileges settings

Reported by:	anonymous	Owned by:	coderanger
Priority:	normal	Component:	IncludeMacro
Severity:	major	Keywords:
Cc:		Trac Release:	0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage.

I am using Trac 0.11b2.

Attachments (0)

Change History (2)

comment:1 Changed 5 years ago by anonymous

Trac Release changed from 0.10 to 0.11

comment:2 Changed 13 months ago by rjollos

Resolution set to duplicate
Status changed from new to closed

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Add Comment

You may use WikiFormatting here.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Add/Remove from Cc:	<Author field>
Trac Release:

Action

leave as closed .

reopen The resolution will be deleted. Next status will be 'reopened'.

Author

Your email or username:

E-mail address and user name can be saved in the Preferences.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: