Modify

Opened 9 years ago

Closed 5 years ago

#3479 closed defect (duplicate)

ignores user privileges settings

Reported by: anonymous Owned by: Noah Kantrowitz
Priority: normal Component: IncludeMacro
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage.

I am using Trac 0.11b2.

Attachments (0)

Change History (2)

comment:1 Changed 9 years ago by anonymous

Trac Release: 0.100.11

comment:2 Changed 5 years ago by Ryan J Ollos

Resolution: duplicate
Status: newclosed

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Noah Kantrowitz.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.