Inaccessible bugs should not be able to be traversed to
Bug #735353 reported by
William Grant
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
William Grant |
Bug Description
Private teams 404 for users who cannot view them, as do suspended users. Private bugs should do the same.
Related branches
lp:~wgrant/launchpad/hide-inaccessible-bugs
- Steve Kowalik (community): Approve (code)
-
Diff: 419 lines (+31/-159)16 files modifiedlib/canonical/launchpad/browser/launchpad.py (+1/-1)
lib/canonical/launchpad/pagetests/basics/notfound-traversals.txt (+2/-2)
lib/canonical/launchpad/pagetests/webservice/security.txt (+2/-4)
lib/lp/bugs/browser/bugtask.py (+7/-5)
lib/lp/bugs/browser/malone.py (+1/-1)
lib/lp/bugs/browser/tests/bugtask-edit-views.txt (+0/-78)
lib/lp/bugs/browser/tests/test_bugattachment_file_access.py (+3/-3)
lib/lp/bugs/browser/tests/test_bugtask.py (+2/-2)
lib/lp/bugs/stories/bug-privacy/20-private-distro-bug-not-visible-to-anonymous.txt (+1/-1)
lib/lp/bugs/stories/bug-privacy/30-private-distro-bug-not-visible-to-nonsubscriber-user.txt (+1/-1)
lib/lp/bugs/stories/bug-privacy/xx-presenting-private-bugs.txt (+2/-2)
lib/lp/bugs/stories/bugtracker/xx-bugtracker-remote-bug.txt (+1/-1)
lib/lp/bugs/stories/cve/xx-cve-link-to-modified-target.txt (+0/-39)
lib/lp/bugs/stories/upstream-bugprivacy/10-file-private-upstream-bug.txt (+3/-3)
lib/lp/bugs/stories/upstream-bugprivacy/30-private-upstream-bug-not-accessible-to-anonymous.txt (+3/-10)
lib/lp/bugs/stories/upstream-bugprivacy/50-private-upstream-bug-not-accessible-to-nonsubscriber-user.txt (+2/-6)
tags: |
added: disclosure removed: privacy |
tags: |
added: qa-ok removed: qa-needstesting |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
tags: | added: hardening |
To post a comment you must log in.
Fixed in stable r12607 <http:// bazaar. launchpad. net/~launchpad- pqm/launchpad/ stable/ revision/ 12607>.