Edit permission not checked in newviewtoken.json.php
Bug #771592 reported by
Richard Mansfield
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Richard Mansfield | ||
1.2 |
Fix Released
|
High
|
Richard Mansfield | ||
1.3 |
Fix Released
|
High
|
Richard Mansfield |
Bug Description
On master, the script is no longer used and should be deleted altogether.
On 1.2/1.3, we need to check that the logged in user has permission to edit the view.
CVE References
visibility: | private → public |
Changed in mahara: | |
status: | In Progress → Fix Committed |
milestone: | none → 1.4.0 |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.