Check edit permissions in tasks.json.php

Bug #771623 reported by Richard Mansfield on 2011-04-27
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Richard Mansfield
1.3
High
Richard Mansfield

Bug Description

This json script is used for task pagination by the owner and should check that the logged-in user is allowed to edit the plan artefact passed to the script.

CVE References

visibility: private → public
Changed in mahara:
status: In Progress → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers