View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0006421 | mantisbt | security | public | 2005-11-20 21:31 | 2006-10-09 11:55 |
Reporter | thraxisp | Assigned To | vboctor | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.0.0rc3 | ||||
Fixed in Version | 1.0.0rc4 | ||||
Summary | 0006421: Private bugs show up in public RSS feed | ||||
Description | Information for a bug marked as private shows up in the public RS feed. The information for 0006419 and 0006420 showed up in the RSS feed today. | ||||
Tags | No tags attached. | ||||
The RSS feeds depends on the filter API to determine the issues that should be shown based on the anonymous account. I've tested the filter API by logging out and loggin in as anonymous and I found that the private issues are listed in the view issues page for the anonymous user. However, if the user clicks on one of them, access denied occurs. Fixing this bug in the filter API will also fix the RSS feed. The RSS feed can also be changed to double click the anonymous user access to each issue. |
|
Fixed by thraxip's latest fix to the filters API. |
|