Context Navigation

Modify ↓

#6584 closed defect (invalid)

Ticket Restrictions have no effect on Download Formats

Reported by:	akkarin@…	Owned by:	Noah Kantrowitz
Priority:	highest	Component:	PrivateTicketsPlugin
Severity:	blocker	Keywords:
Cc:	akkarin@…	Trac Release:	0.11

Description

I have multiple different levels of access levels, but even an anonymous user can select the "Download in other formats:" (e.g. CSV) and get a full ticket listing.

Attachments (0)

Change History (3)

comment:1 Changed 15 years ago by itai@…

Priority:	high → highest

We have the same problem, users with limited permission are able to download a CSV file via the "Download in other formats" seeing all tickets ever created. This is a serious security hole.

comment:2 Changed 15 years ago by anonymous

Severity:	critical → blocker

comment:3 Changed 15 years ago by Noah Kantrowitz

Resolution:	→ invalid
Status:	new → closed

Not a but in the plugin. This was a bug in Trac itself, but I'm told it has since been corrected.

Modify Ticket

Change Properties

Summary:
Type:	Priority:
Component:	Severity:
Keywords:	Cc:	Set your email in Preferences
Trac Release:

Action

leave as closed The owner will remain Noah Kantrowitz.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences.

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: