View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000094 | WackoWiki | security | public | 2007-09-26 10:10 | 2009-08-19 09:38 |
| Reporter | Tann San | Assigned To | Tann San | ||
| Priority | urgent | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.2 | ||||
| Target Version | 4.3.rc | Fixed in Version | 4.3.rc | ||
| Summary | 0000094: hide_comments = 0 or 2 still shows comments in search results | ||||
| Description | This is a major security screw-up. | ||||
| Tags | No tags attached. | ||||
|
|
make sure other actions don't show comments such as the recentcomments action. go a global search to make sure. |
|
|
yet this is an gui option, comments with read+write "$" ACLs values won't shown |
|
|
FIXED hide_comments now hides comments from the recentcomments, recentlycommented and search actions if comments are disabled or not visible to non registered users. If a non registered user or a registered user with hide_comments = 1 set tries to manually view a comment i.e. by typing /Comment1 into the address bar they now get the Permission Denied message. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2007-09-26 10:10 | Tann San | New Issue | |
| 2007-09-26 10:10 | Tann San | Legacy | => NEW |
| 2007-09-26 10:13 | Tann San | Note Added: 0000112 | |
| 2007-09-26 11:21 | administrator | Note Added: 0000113 | |
| 2008-07-13 18:47 | administrator | Note Added: 0000409 | |
| 2008-07-13 18:47 | administrator | Assigned To | => Tann San |
| 2008-07-13 18:47 | administrator | Status | new => resolved |
| 2008-07-13 18:47 | administrator | Resolution | open => fixed |
| 2008-07-13 18:51 | administrator | Relationship added | related to 0000095 |
| 2008-07-13 19:04 | administrator | Note Edited: 0000409 | |
| 2008-07-13 19:07 | administrator | Fixed in Version | => 5.0.0 |
| 2008-07-13 19:07 | administrator | Target Version | => 5.0.0 |
| 2009-08-19 09:25 | administrator | Fixed in Version | 5.0.0 => 4.3.rc |
| 2009-08-19 09:38 | administrator | Target Version | 5.0.0 => 4.3.rc |
| 2010-03-08 10:22 | administrator | Category | Security => security |
