#322 - Restricted project tickets leaking
Type Defect
Status Fixed
Milestone 3.0.7
Version -
Component Users
Priority Normal
Severity Normal
Assigned to -
Reported 11 years ago
Updated 11 years ago
Votes 0
Related tickets
Proposed time
Worked time

What did you do to cause this?

I logged out and viewed the user page of a user with access to a restricted project.

What page were you on?

I was on the user page. Example. The "Staff Tracker" and associated tickets are part of a restricted project.

What PHP and MySQL versions do you run?

5.3.3-7+squeeze14, 5.1.66-0+squeeze1

Describe the defect:

Information meant to be private is leaking out through generally public pages. The information should be hidden from the user unless they have access to the group and tickets in question.

Ticket History

Jack closed as Fixed 11 years and 10 months ago