![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
| author | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Mon, 30 Nov 2009 14:45:44 +0000 (14:45 +0000) | ||
| committer | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Mon, 30 Nov 2009 14:45:44 +0000 (14:45 +0000) | ||
| commit | 356fa5f58300aa8ec33c602e8944f35bef1238e3 | |
| tree | 545be7323e5ed83bdff6ff8e71f067563643555e | tree | snapshot |
| parent | ca1fe022240b5283894a118a7a091a0d47acd62a | commit | diff |
Fix security-problem: If user hasn't permission on a message (notably
files and content properties) and is on the nosy list, the content was
sent via email. We now check that user has permission on the message
content and files properties. Also add a regression test for this.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4393 57a73879-2fb5-44c3-a270-3262357dd7e2
files and content properties) and is on the nosy list, the content was
sent via email. We now check that user has permission on the message
content and files properties. Also add a regression test for this.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4393 57a73879-2fb5-44c3-a270-3262357dd7e2
| CHANGES.txt | diff | blob | history | |
| roundup/roundupdb.py | diff | blob | history | |
| test/test_mailgw.py | diff | blob | history |