incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Harry Metske (JIRA)" <j...@apache.org>
Subject [jira] Updated: (JSPWIKI-645) RecentChanges plugin shows pages, for which the user has no access
Date Wed, 07 Apr 2010 16:16:34 GMT

     [ https://issues.apache.org/jira/browse/JSPWIKI-645?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Harry Metske updated JSPWIKI-645:
---------------------------------

    Priority: Minor  (was: Major)
      Labels: RecentChangesPlugin  (was: recent_changes plugin)

This is "works as designed", only page content is protected (with ACL's or otherwise).
The page metadata you are talking about has always been public.

If you don't feel comfortable with this, you can remove the plugin from your installation.

> RecentChanges plugin shows pages, for which the user has no access
> ------------------------------------------------------------------
>
>                 Key: JSPWIKI-645
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-645
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Plugins
>    Affects Versions: 2.8.3
>         Environment: Windows xp, tomcat6
>            Reporter: Gergely Kontra
>            Priority: Minor
>
> Any user can include the text [{INSERT com.ecyrd.jspwiki.plugin.RecentChangesPlugin}]
into a page, and see notes of page editings (and who and when edited) for those pages, which
he/she could not even have the right to see.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message