Mahara

Check view permissions in viewtasks.json.php

Bug #771637 reported by Richard Mansfield on 2011-04-27

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	High	Richard Mansfield	Mahara 1.4.0
	1.3	Fix Released	High	Richard Mansfield	Mahara 1.3.6

Bug Description

This script is for task pagination when viewing a plans block or plan artefact within the context of a View, but needs to check that the user is allowed to see the View.

CVE References

2011-1404

Revision history for this message

Richard Mansfield (richard-mansfield) wrote on 2011-04-27:

Patch for 1.3 and master Edit (1.4 KiB, text/plain)

Revision history for this message

Ruslan Kabalin (rkabalin) wrote on 2011-04-27:

The patch looks good to me

François Marier (fmarier) on 2011-05-10

visibility:

private → public

Richard Mansfield (richard-mansfield) on 2011-05-10

Changed in mahara:
status:	In Progress → Fix Committed

François Marier (fmarier) on 2011-06-14

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Patch for 1.3 and master Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.