redmine_private_wiki User can access content of private wiki via full-text search

User can access content of private wiki via full-text search

Open caramella opened this issue 12 years ago • 2 comments

I create a private wiki for developers group with this content "password AD89798qw" I login with a developer account As a developer I clic on forbidden wiki and as expected redmine cannot see anything As a developer I perform search with this keywork "password" Redmine show me the title of private page and the following content result "password AD89798qw"

Regards

Jan 25 '13 12:01 caramella

Uh, thats really bad! Please fix!

Jan 25 '13 18:01 cforce

+1 for fixing it.

Apr 25 '13 00:04 ghost

redmine_private_wiki redmine_private_wiki copied to clipboard

User can access content of private wiki via full-text search

redmine_private_wiki
redmine_private_wiki copied to clipboard