View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000093 | WackoWiki | security | public | 2007-09-26 09:37 | 2009-08-19 09:39 |
Reporter | Tann San | Assigned To | Tann San | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed | ||
Product Version | 4.2 | ||||
Target Version | 4.3.rc | Fixed in Version | 4.3.rc | ||
Summary | 0000093: Hide Settings page from users without permission to edit page | ||||
Description | I fixed what I think is a security bug in all three themes. If you're not a registered user you can still see the "Settings" link at the bottom of the page and access the settings menu. You can't actually do anything with the links on that menu since you get the "You're not the owner of this page" message. All links and buttons to functions not available for users without the appropriate rights shouldn't be available. It's producing only senseless search engine traffic. The actual TODO task for this bug report is to place a forced redirect at the top of the Settings page. Alternatively we can just display the "You don't have permission" message which you see when trying to access any of the Settings subpages without permission. | ||||
Tags | No tags attached. | ||||
|
just display the "You don't have permission" Threshold: Hide Settings page from users without permission to view page then the user should see only options available for them read access -> ... write access -> ... |
Date Modified | Username | Field | Change |
---|---|---|---|
2007-09-26 09:37 | Tann San | New Issue | |
2007-09-26 09:37 | Tann San | Legacy | => NEW |
2007-12-02 18:56 | administrator | Note Added: 0000231 | |
2007-12-02 18:56 | administrator | Target Version | => 5.0.0 |
2007-12-02 18:57 | administrator | Status | new => confirmed |
2007-12-02 19:05 | administrator | Note Edited: 0000231 | |
2007-12-02 19:14 | administrator | Note Edited: 0000231 | |
2007-12-02 19:14 | administrator | Note Edited: 0000231 | |
2007-12-12 23:45 | Tann San | Status | confirmed => assigned |
2007-12-12 23:45 | Tann San | Assigned To | => Tann San |
2007-12-17 00:33 | Tann San | Status | assigned => resolved |
2007-12-17 00:33 | Tann San | Fixed in Version | => 5.0.0 |
2007-12-17 00:33 | Tann San | Resolution | open => fixed |
2009-08-19 09:22 | administrator | Fixed in Version | 5.0.0 => 4.3.rc |
2009-08-19 09:39 | administrator | Target Version | 5.0.0 => 4.3.rc |
2010-03-08 10:22 | administrator | Category | Security => security |