Vote #78681
未完了Links to Wiki pages of unauthorized projects should be smarter
0%
説明
I use to define a 'Sidebar' wiki page that contains links to wiki pages in various subprojects. This allows users to quickly jump to specific topics.
However, when migrating from Redmine 3.3.1 to 3.4.2, links to unauthorized subprojects got broken. (See here http://www.mimworld.org). Once an user has logged in and has the necessary access rights to visit the specific wiki pages, the links are displayed correctly.
Has this change been made intentional (to overcome some security problem) or is it a real bug? If this behaviour is intended, I have to rethink the entire structure of my project(s). A quick fix is much appreciated.
journals
Ouch... this issue seems to be related to r16283 and #23793 which fixes an information leak.
I wonder what this leak actually is since the user will see the link (in wiki format) anyway.
If - for whatever reason - the link is not allowed to become an HTML link then I suggest making the textual representation a bit more user-friendly. A phrase like
<pre>
[[model-repository:Latest_Model|Latest Model]]
</pre>
is something that I would not like to see in a rendered Wiki page.
--------------------------------------------------------------------------------
The attached patch results in smarter "non-links".
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
What happened to this patch?
--------------------------------------------------------------------------------
I think the patch suggested in #26530#note-2 cause an information leak. A user who is not allowed to see the wiki can probe if a given page exists.
--------------------------------------------------------------------------------
I make the plugin that disable r16283 and include wiki-links-patch.diff.
Please see https://github.com/crosspoints/redmine_legacy_link
--------------------------------------------------------------------------------