[Python-apps-commits] r8821 - in packages/trac-mastertickets/trunk/debian (5 files)
debacle at users.alioth.debian.org
debacle at users.alioth.debian.org
Sun Jun 3 00:19:19 UTC 2012
Date: Sunday, June 3, 2012 @ 00:19:16
Author: debacle
Revision: 8821
Fix #667720, at least partially.
Added:
packages/trac-mastertickets/trunk/debian/README.Debian
packages/trac-mastertickets/trunk/debian/patches/
packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch
packages/trac-mastertickets/trunk/debian/patches/series
Modified:
packages/trac-mastertickets/trunk/debian/changelog
Added: packages/trac-mastertickets/trunk/debian/README.Debian
===================================================================
--- packages/trac-mastertickets/trunk/debian/README.Debian (rev 0)
+++ packages/trac-mastertickets/trunk/debian/README.Debian 2012-06-03 00:19:16 UTC (rev 8821)
@@ -0,0 +1,9 @@
+Note, that the dependency graph of tickets generated by the
+trac-mastertickets plugin might be visible to users who have normally
+no permission to see the respective tickets. This is especially
+problematic, when you are using trac-privatetickets or
+trac-sensitivetickets. If unsure, don't activate the mastertickets in
+projects with sensitive tickets and the possibility of unauthorised
+access to trac.
+
+See http://bugs.debian.org/667720
Modified: packages/trac-mastertickets/trunk/debian/changelog
===================================================================
--- packages/trac-mastertickets/trunk/debian/changelog 2012-06-02 16:49:02 UTC (rev 8820)
+++ packages/trac-mastertickets/trunk/debian/changelog 2012-06-03 00:19:16 UTC (rev 8821)
@@ -1,3 +1,10 @@
+trac-mastertickets (3.0.2+20111224-2) unstable; urgency=high
+
+ * added patch to check for permission when showing dependency
+ graph (Closes: #667720).
+
+ -- W. Martin Borgert <debacle at debian.org> Sat, 02 Jun 2012 23:30:50 +0000
+
trac-mastertickets (3.0.2+20111224-1) unstable; urgency=low
* New upstream version (Closes: #653733). Works with Trac 0.12.
Added: packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch
===================================================================
--- packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch (rev 0)
+++ packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch 2012-06-03 00:19:16 UTC (rev 8821)
@@ -0,0 +1,13 @@
+Author: tinus-github
+Description: Patch to mastertickets to check for permissions
+
+--- a/mastertickets/web_ui.py
++++ b/mastertickets/web_ui.py
+@@ -167,6 +167,7 @@
+ return req.path_info.startswith('/depgraph')
+
+ def process_request(self, req):
++ req.perm.require('TICKET_VIEW')
+ path_info = req.path_info[10:]
+
+ if not path_info:
Property changes on: packages/trac-mastertickets/trunk/debian/patches/10_check_ticket_view.patch
___________________________________________________________________
Added: svn:executable
+ *
Added: packages/trac-mastertickets/trunk/debian/patches/series
===================================================================
--- packages/trac-mastertickets/trunk/debian/patches/series (rev 0)
+++ packages/trac-mastertickets/trunk/debian/patches/series 2012-06-03 00:19:16 UTC (rev 8821)
@@ -0,0 +1 @@
+10_check_ticket_view.patch
More information about the Python-apps-commits
mailing list