Modify

Opened 5 years ago

Closed 5 years ago

#6584 closed defect (invalid)

Ticket Restrictions have no effect on Download Formats

Reported by: akkarin@… Owned by: coderanger
Priority: highest Component: PrivateTicketsPlugin
Severity: blocker Keywords:
Cc: akkarin@… Trac Release: 0.11

Description

I have multiple different levels of access levels, but even an anonymous user can select the "Download in other formats:" (e.g. CSV) and get a full ticket listing.

Attachments (0)

Change History (3)

comment:1 Changed 5 years ago by itai@…

  • Priority changed from high to highest

We have the same problem, users with limited permission are able to download a CSV file via the "Download in other formats" seeing all tickets ever created. This is a serious security hole.

comment:2 Changed 5 years ago by anonymous

  • Severity changed from critical to blocker

comment:3 Changed 5 years ago by coderanger

  • Resolution set to invalid
  • Status changed from new to closed

Not a but in the plugin. This was a bug in Trac itself, but I'm told it has since been corrected.

Add Comment

Modify Ticket

Action
as closed The owner will remain coderanger.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.