Fossil SCM
* Fixed security bug in ticket reports, you previously had to have Check-out security to view a ticket report, you now have to have "r" (Read-tkt) to view ticket reports.
Commit
6ee7316567a60422d1bb66edd9b883eebb6e3009
Parent
dddc5140535ceac…
1 file changed
+1
-1
+1
-1
| --- src/report.c | ||
| +++ src/report.c | ||
| @@ -873,11 +873,11 @@ | ||
| 873 | 873 | Stmt q; |
| 874 | 874 | char *zErr1 = 0; |
| 875 | 875 | char *zErr2 = 0; |
| 876 | 876 | |
| 877 | 877 | login_check_credentials(); |
| 878 | - if( !g.okRead ){ login_needed(); return; } | |
| 878 | + if( !g.okRdTkt ){ login_needed(); return; } | |
| 879 | 879 | rn = atoi(PD("rn","0")); |
| 880 | 880 | if( rn==0 ){ |
| 881 | 881 | cgi_redirect("reportlist"); |
| 882 | 882 | return; |
| 883 | 883 | } |
| 884 | 884 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -873,11 +873,11 @@ | |
| 873 | Stmt q; |
| 874 | char *zErr1 = 0; |
| 875 | char *zErr2 = 0; |
| 876 | |
| 877 | login_check_credentials(); |
| 878 | if( !g.okRead ){ login_needed(); return; } |
| 879 | rn = atoi(PD("rn","0")); |
| 880 | if( rn==0 ){ |
| 881 | cgi_redirect("reportlist"); |
| 882 | return; |
| 883 | } |
| 884 |
| --- src/report.c | |
| +++ src/report.c | |
| @@ -873,11 +873,11 @@ | |
| 873 | Stmt q; |
| 874 | char *zErr1 = 0; |
| 875 | char *zErr2 = 0; |
| 876 | |
| 877 | login_check_credentials(); |
| 878 | if( !g.okRdTkt ){ login_needed(); return; } |
| 879 | rn = atoi(PD("rn","0")); |
| 880 | if( rn==0 ){ |
| 881 | cgi_redirect("reportlist"); |
| 882 | return; |
| 883 | } |
| 884 |