Modify

Opened 9 years ago

Closed 5 years ago

#3479 closed defect (duplicate)

ignores user privileges settings

Reported by: anonymous Owned by: Noah Kantrowitz
Priority: normal Component: IncludeMacro
Severity: major Keywords:
Cc: Trac Release: 0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage.

I am using Trac 0.11b2.

Attachments (0)

Change History (2)

comment:1 Changed 9 years ago by anonymous

Trac Release: 0.100.11

comment:2 Changed 5 years ago by Ryan J Ollos

Resolution: duplicate
Status: newclosed

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Modify Ticket

Action
as closed The owner will remain Noah Kantrowitz.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.