Launchpad itself

/projects page is forbidden when a private team is listed

Bug #911794 reported by Marc Tardif on 2012-01-04

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Launchpad itself	Fix Released	High	Curtis Hovey

Bug Description

Recently, https://launchpad.net/projects has been returning a Forbidden page: Not allowed here. After raising the issue on #launchpad-dev, stub mentionned this information which might be useful:

< stub> Projects lists 'latest teams', and should be hiding private teams you shouldn't be able to see rather than making the page fail

Tags:

Revision history for this message

Curtis Hovey (sinzui) wrote on 2012-01-04:

There is a private team in the list, it should not be.

tags:	added: 403 disclosure teams
Changed in launchpad:
status:	New → Triaged
importance:	Undecided → High
summary:	- /projects page now returns forbidden + /projects page is forbidden when a private team is listed

Curtis Hovey (sinzui) on 2012-01-05

Changed in launchpad:
assignee:	nobody → Curtis Hovey (sinzui)
status:	Triaged → In Progress

Revision history for this message

Launchpad QA Bot (lpqabot) wrote on 2012-01-07:

Fixed in stable r14651 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/14651>.

tags:	added: qa-needstesting
Changed in launchpad:
status:	In Progress → Fix Committed

Curtis Hovey (sinzui) on 2012-01-07

tags:

added: qa-ok
removed: qa-needstesting

William Grant (wgrant) on 2012-01-12

Changed in launchpad:
status:	Fix Committed → Fix Released

Curtis Hovey (sinzui) on 2012-06-26

tags:

added: hardening

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.