Context Navigation

Modify ↓

#3479 closed defect (duplicate)

ignores user privileges settings

Reported by:	anonymous	Owned by:	Noah Kantrowitz
Priority:	normal	Component:	IncludeMacro
Severity:	major	Keywords:
Cc:		Trac Release:	0.11

Description

The macro allows a user with no WIKI_VIEW privileges to some page to include the page in an other page and thus gaining access to it, e.g. putting [[Include(wiki:SomeRestrictedPage)]] in wiki:PubliclyAvailablePage? gives everyone reading access to SomeRestrictedPage.

I am using Trac 0.11b2.

Attachments (0)

Change History (2)

comment:1 Changed 16 years ago by anonymous

Trac Release:	0.10 → 0.11

comment:2 Changed 13 years ago by Ryan J Ollos

Resolution:	→ duplicate
Status:	new → closed

The WIKI_VIEW permission is checked and this has been the case since the macro was initially released.

I'm guessing you must be referring to a fine-grained permissions issue, which should be fixed on the trunk as of #9931. I'm closing this as a duplicate since the issue was presumably resolved in #9931. Please reopen if you have additional information.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Noah Kantrowitz.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: