Modify ↓
Opened 18 years ago
Closed 17 years ago
#1522 closed defect (worksforme)
Typing a ticket number into a search lets users see ticket summaries they shouldn't.
Reported by: | Owned by: | Noah Kantrowitz | |
---|---|---|---|
Priority: | low | Component: | PrivateTicketsPlugin |
Severity: | normal | Keywords: | |
Cc: | Trac Release: | 0.10 |
Description
If the user enters # followed by a ticket number into the Trac search page, the ticket with that number will appear in the search results as a Quick Jump, even if they should not be able to see the ticket. This displays the ticket summary. If they click on the quick jump it doesn't display the page because they do not have permission to view it.
Howeve there are many situations where you do not want users to see even the summaries of the tickets that they do not have permission to view.
I am using 0.10.4 on Windows (XP and SBS 2003).
It doesn't do the quickjump if you enter # number into the search box on ordinary Wiki pages.
Attachments (0)
Note: See
TracTickets for help on using
tickets.
No longer an issue in the 0.11 port as we are now a policy plugin.