MantisBT: master-1.2.x 2cc83ca9

Author Committer Branch Timestamp Parent
dregad dregad master-1.2.x 2012-09-12 04:48 master-1.2.x b1a1bbae
Affected Issues  0014704: CVE-2012-5523 Clone and Move issue with Copy bug notes - user get email notice from project without access
Changeset

Don't send email notices for a bug to which users have no access

Prior to this, users without viewer access to a bug could potentially
receive email notifications for it. This could happen in case of
permissions changes, or if an issue is moved to another project with
different access rights.

Added an access level check to exclude users who don't have at least
VIEWER privilege to the bug.

Fixes 0014704

mod - core/email_api.php Diff File