[Tracker-discuss] [issue244] Any User can hijack other Users' Queries

Daniel Diniz metatracker at psf.upfronthosting.co.za
Wed Feb 25 23:00:59 CET 2009


New submission from Daniel Diniz <ajaksu at gmail.com>:

Any User has the ability to edit or create Queries, which equates to Admin's
ability to edit Classes, as far as Queries are concerned. This ignores Query
ownership in the CSV interface, allowing one to edit, steal or delete someone
else's Queries.

Attached patch blocks this path.

----------
files: actions_query.diff
messages: 1191
nosy: ajaksu2
priority: urgent
status: unread
title: Any User can hijack other Users' Queries

_______________________________________________________
PSF Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue244>
_______________________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: actions_query.diff
Type: text/x-diff
Size: 776 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/tracker-discuss/attachments/20090225/fa3f4b03/attachment.diff>
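
The gap the report describes, a class-level edit permission applied where a per-item ownership check is needed, shown as an added example; it is not part of the original message, the attached patch, or Roundup's code. The store, user records and function names are hypothetical, and the rule that rows missing from an upload are deleted is an assumption made for the example.

```python
import csv
import io

def make_store():
    # Constructed sample data: query id -> record (not Roundup's schema).
    return {"1": {"name": "my open bugs", "creator": "alice"},
            "2": {"name": "needs review", "creator": "bob"}}

def can_edit_class(user):
    # Class-level permission: any User or Admin may edit "query" items.
    return user["role"] in ("User", "Admin")

def can_edit_item(user, item):
    # Item-level permission: only the owner or an Admin may touch this row.
    return user["role"] == "Admin" or item["creator"] == user["name"]

def csv_edit(store, user, text, per_item_check):
    """Apply an 'id,name' CSV upload; return ids whose change was refused.

    Assumption for this example: a stored row missing from the upload
    is deleted, so a short upload can remove other users' queries.
    """
    if not can_edit_class(user):
        raise PermissionError("no edit permission on class")
    rows = {r["id"]: r["name"] for r in csv.DictReader(io.StringIO(text))}
    refused = []
    for qid in list(store):
        item = store[qid]
        if qid in rows and rows[qid] == item["name"]:
            continue  # row unchanged, nothing to authorize
        if per_item_check and not can_edit_item(user, item):
            refused.append(qid)  # someone else's query: leave it alone
            continue
        if qid in rows:
            item["name"] = rows[qid]
        else:
            del store[qid]
    return refused

if __name__ == "__main__":
    mallory = {"name": "mallory", "role": "User"}
    upload = "id,name\n1,hijacked\n"  # renames query 1, omits query 2
    for check in (False, True):
        store = make_store()
        refused = csv_edit(store, mallory, upload, per_item_check=check)
        print("per-item check:", check, "refused:", refused, "store:", store)
```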

