View Issue Details

IDProjectCategoryView StatusLast Update
0009252mantisbtsecuritypublic2009-06-26 12:05
Reporterhis Assigned Tograngeway  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.0.0rc3 
Summary0009252: Numeric link to issues tells title and status even if logged in user is not authorized
Description

A link to another issue number tells the issue title and status even if the user is not authorized to view the issue itself.

Steps To Reproduce

1) Create a new issue.
2) Insert a 0000001 with an issue number you are not authorzed to view; will be converted to a link automatically.
3) Save.
4) View the created issue. The link's title tag tells the issues status and title.

Additional Information

Tested with a german localized mantis.

TagsNo tags attached.

Relationships

related to 0009321 closedvboctor Users can get title and status of issues that they don't have access to. 

Activities

his

his

2008-07-02 09:43

reporter   ~0018279

0009321 (added as related) is not visible to "public" users.

grangeway

grangeway

2009-04-14 20:21

reporter   ~0021539

Hello,

I believe this issue is fixed in later releases (for bugs) and in 1.2 git trunk (for bug notes)

Paul