[Python-apps-commits] r8821 - in packages/trac-mastertickets/trunk/debian (5 files)

debacle at users.alioth.debian.org
Sun Jun 3 00:19:19 UTC 2012


    Date: Sunday, June 3, 2012 @ 00:19:16
  Author: debacle
Revision: 8821

Fix #667720, at least partially.

Added:
  packages/trac-mastertickets/trunk/debian/README.Debian
  packages/trac-mastertickets/trunk/debian/patches/
  packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch
  packages/trac-mastertickets/trunk/debian/patches/series
Modified:
  packages/trac-mastertickets/trunk/debian/changelog

Added: packages/trac-mastertickets/trunk/debian/README.Debian
===================================================================
--- packages/trac-mastertickets/trunk/debian/README.Debian	                        (rev 0)
+++ packages/trac-mastertickets/trunk/debian/README.Debian	2012-06-03 00:19:16 UTC (rev 8821)
@@ -0,0 +1,9 @@
+Note, that the dependency graph of tickets generated by the
+trac-mastertickets plugin might be visible to users who have normally
+no permission to see the respective tickets. This is especially
+problematic, when you are using trac-privatetickets or
+trac-sensitivetickets. If unsure, don't activate the mastertickets in
+projects with sensitive tickets and the possibility of unauthorised
+access to trac.
+
+See http://bugs.debian.org/667720
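
Review bot: The README text does not say that this upload now requires TICKET_VIEW for /depgraph (10_check_ticket_view.patch), so an administrator reading "might be visible to users who have normally no permission" cannot tell which case is still open. Suggest adding a sentence that states what the patch enforces and that the warning concerns setups where visibility is decided per ticket, as with trac-privatetickets or trac-sensitivetickets. Minor: "the mastertickets" in the last sentence reads as if a word is missing ("the mastertickets plugin").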

Modified: packages/trac-mastertickets/trunk/debian/changelog
===================================================================
--- packages/trac-mastertickets/trunk/debian/changelog	2012-06-02 16:49:02 UTC (rev 8820)
+++ packages/trac-mastertickets/trunk/debian/changelog	2012-06-03 00:19:16 UTC (rev 8821)
@@ -1,3 +1,10 @@
+trac-mastertickets (3.0.2+20111224-2) unstable; urgency=high
+
+  * added patch to check for permission when showing dependency
+    graph (Closes: #667720).
+
+ -- W. Martin Borgert <debacle at debian.org>  Sat, 02 Jun 2012 23:30:50 +0000
+
 trac-mastertickets (3.0.2+20111224-1) unstable; urgency=low
 
   * New upstream version (Closes: #653733). Works with Trac 0.12.
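
Review bot: The new entry carries "(Closes: #667720)" while the commit message calls the fix partial and README.Debian still warns that the graph might be visible to unauthorised users. Either name the remaining limitation and point to README.Debian in this changelog entry, or leave the bug open until the exposure is fully addressed, so that the urgency=high upload is not read as a complete fix.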

Added: packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch
===================================================================
--- packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch	                        (rev 0)
+++ packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch	2012-06-03 00:19:16 UTC (rev 8821)
@@ -0,0 +1,13 @@
+Author: tinus-github
+Description: Patch to mastertickets to check for permissions
+
+--- a/mastertickets/web_ui.py
++++ b/mastertickets/web_ui.py
+@@ -167,6 +167,7 @@
+         return req.path_info.startswith('/depgraph')
+ 
+     def process_request(self, req):
++        req.perm.require('TICKET_VIEW')
+         path_info = req.path_info[10:]
+         
+         if not path_info:
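
Review bot: The added `req.perm.require('TICKET_VIEW')` at the top of process_request checks the permission in general, not against the ticket whose graph is requested, so a user who holds TICKET_VIEW but is denied a specific ticket by a per-ticket policy still passes it. Consider also checking the permission against the ticket resource parsed from path_info, and against each ticket that ends up in the rendered graph. The patch header would also benefit from a bug reference (http://bugs.debian.org/667720) next to Author and Description.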


Property changes on: packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch
___________________________________________________________________
Added: svn:executable
   + *
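
Review bot: svn:executable is set on 10_check_ticket_view.patch. A patch file listed in debian/patches/series is only read, never executed, so the property should be dropped.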

Added: packages/trac-mastertickets/trunk/debian/patches/series
===================================================================
--- packages/trac-mastertickets/trunk/debian/patches/series	                        (rev 0)
+++ packages/trac-mastertickets/trunk/debian/patches/series	2012-06-03 00:19:16 UTC (rev 8821)
@@ -0,0 +1 @@
+10_check_ticket_view.patch



