comparison doc/upgrading.txt @ 5274:07da34337f70

html/query.item.html was missing checks to verify that a query should be visible to the user. This is fixed and users can only view queries that they own or that are not private.
author John Rouillard <rouilj@ieee.org>
date Sat, 23 Sep 2017 22:00:22 -0400
parents c6fbd4803eae
children fee207407dee
comparison
5273:1bd252244501 5274:07da34337f70
515 515
516 If you do not do this, public queries will be listed twice in the edit 516 If you do not do this, public queries will be listed twice in the edit
517 interface. Once in the "Queries I created" section and again in the 517 interface. Once in the "Queries I created" section and again in the
518 "Queries others created" section of the query edit page 518 "Queries others created" section of the query edit page
519 (``http..../query?@template=edit``). 519 (``http..../query?@template=edit``).
520
521 Fix security issues in query.item.html template
522 -----------------------------------------------
523 The default query.item.html template allows anybody to view all
524 queries.
525
526 This has been updated in the classic, devel and responsive templates
527 to only allow people to view queries they creates or queries that are
528 publicly viewable.
529
530 If you haven't modified you query.item.html template, simply copy the
531 query.item.html template from one of the above default templates to
532 your tracker's html directory.
520 533
521 Enhancement to check command for Permissions 534 Enhancement to check command for Permissions
522 -------------------------------------------- 535 --------------------------------------------
523 536
524 A new form of check function is permitted in permission definitions. 537 A new form of check function is permitted in permission definitions.
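Review bot: The new "Fix security issues in query.item.html template" section (new lines 521-532) only tells admins what to do when the template is unmodified ("If you haven't modified you query.item.html template, simply copy ..."); a tracker with a customized query.item.html gets no guidance and stays in the state described at lines 523-524, where anybody can view all queries. Please add a sentence for that case, describing the check that has to be merged into a customized template (per the commit message: show the query only if the user owns it or it is not private), or point readers at the change to the default template so they can port it by hand. It would also help to state that this step is required for the fix to take effect, since the fix lives in the tracker's html directory rather than in the installed code. Two typos in the added text: "queries they creates" at line 527 should be "queries they created", and "modified you query.item.html" at line 530 should be "modified your query.item.html".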

Roundup Issue Tracker: http://roundup-tracker.org/