Context Navigation

Modify ↓

#1522 closed defect (worksforme)

Typing a ticket number into a search lets users see ticket summaries they shouldn't.

Reported by:	stevemccusker@…	Owned by:	Noah Kantrowitz
Priority:	low	Component:	PrivateTicketsPlugin
Severity:	normal	Keywords:
Cc:		Trac Release:	0.10

Description

If the user enters # followed by a ticket number into the Trac search page, the ticket with that number will appear in the search results as a Quick Jump, even if they should not be able to see the ticket. This displays the ticket summary. If they click on the quick jump it doesn't display the page because they do not have permission to view it.

Howeve there are many situations where you do not want users to see even the summaries of the tickets that they do not have permission to view.

I am using 0.10.4 on Windows (XP and SBS 2003).

It doesn't do the quickjump if you enter # number into the search box on ordinary Wiki pages.

Attachments (0)

Change History (1)

comment:1 Changed 17 years ago by Noah Kantrowitz

Resolution:	→ worksforme
Status:	new → closed

No longer an issue in the 0.11 port as we are now a policy plugin.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Noah Kantrowitz.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: