プロジェクト

全般

プロフィール

編集 操作
リンクをコピー

Vote #80209

完了

Total estimated time issue query column and issue field might leak information

Admin Redmine さんが3年以上前に追加. 3年以上前に更新.

ステータス:
Closed
優先度:
通常
担当者:
-
カテゴリ:
Issues_2
対象バージョン:
3.4.12_154
開始日:
2022/05/09
期日:
進捗率:

0%

予定工数:
Redmineorg_URL:
https://www.redmine.org/issues/31778
category_id:
2
version_id:
154
issue_org_id:
31778
author_id:
3866
assigned_to_id:
332
comments:
4
status_id:
5
tracker_id:
1
plus1:
0
affected_version:
closed_on:
affected_version_id:
ステータス-->[Closed]
引用

説明

The total estimated time information will show the sum of the estimated times of the issues and its subissues. This calculation does not verify if the current user is allowed to see the sub issues though, which might lead to an information leak.

Attached is a patch with a test for this issue. This patch was created and contributed by Gregor Schmidt.

journals

Setting the target version to 4.0.5.
--------------------------------------------------------------------------------
Committed the fix. Thank you.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

related_issues

relates,Closed,32022,IssueSubtaskingTest fails with high probability

操作
リンクをコピー
 #1

Admin Redmine さんが3年以上前に更新

  • カテゴリIssues_2 にセット
  • 対象バージョン3.4.12_154 にセット
編集 操作
リンクをコピー

他の形式にエクスポート: Atom PDF

いいね!0
いいね!0

demo1.unofficial-redmine.org