Activity log for bug #1521818
| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2015-12-02 01:03:54 | Stéphane | bug | added bug | ||
| 2015-12-02 01:26:00 | Aaron Wells | summary | accessing artefact through view without permission | Tagged journal entries still accessible even after no longer being displayed in block | |
| 2015-12-02 01:26:11 | Aaron Wells | information type | Public | Public Security | |
| 2015-12-02 01:26:22 | Aaron Wells | nominated for series | mahara/15.10 | ||
| 2015-12-02 01:26:22 | Aaron Wells | bug task added | mahara/15.10 | ||
| 2015-12-02 01:26:22 | Aaron Wells | nominated for series | mahara/15.04 | ||
| 2015-12-02 01:26:22 | Aaron Wells | bug task added | mahara/15.04 | ||
| 2015-12-02 01:26:22 | Aaron Wells | nominated for series | mahara/16.04 | ||
| 2015-12-02 01:26:22 | Aaron Wells | bug task added | mahara/16.04 | ||
| 2015-12-02 01:26:32 | Aaron Wells | mahara/15.04: milestone | 15.04.6 | ||
| 2015-12-02 01:26:37 | Aaron Wells | mahara/15.04: importance | Undecided | Medium | |
| 2015-12-02 01:26:39 | Aaron Wells | mahara/15.10: importance | Undecided | Medium | |
| 2015-12-02 01:26:42 | Aaron Wells | mahara/16.04: importance | Undecided | Medium | |
| 2015-12-02 01:27:02 | Aaron Wells | tags | blog privacy security | ||
| 2015-12-02 01:41:51 | Aaron Wells | mahara/16.04: milestone | 16.04.0 | ||
| 2015-12-02 01:41:54 | Aaron Wells | mahara/15.10: milestone | 15.04.6 | ||
| 2015-12-02 01:42:15 | Aaron Wells | summary | Tagged journal entries still accessible even after no longer being displayed in block | Tagged journal entries block granting access to all entries in the journal | |
| 2015-12-02 01:57:10 | Aaron Wells | mahara/15.04: importance | Medium | High | |
| 2015-12-02 01:57:13 | Aaron Wells | mahara/15.10: importance | Medium | High | |
| 2015-12-02 01:57:15 | Aaron Wells | mahara/16.04: importance | Medium | High | |
| 2015-12-02 01:57:24 | Aaron Wells | mahara/15.04: status | New | Confirmed | |
| 2015-12-02 01:57:27 | Aaron Wells | mahara/15.10: status | New | Confirmed | |
| 2015-12-02 01:57:30 | Aaron Wells | mahara/16.04: status | New | Confirmed | |
| 2015-12-02 02:06:16 | Aaron Wells | description | A user received a comment for an artefact that is not actually shared publicly. Looking into the problem, I've been able to replicate the issue. It goes as such : - Create a view - Add a Tagged journal entries block with tag A - save and share view with public - Edit block and change the selected tag to tag B - save Journal entries with tag A are still accessible to the public even though they are not being displayed on the view. It's is imperative that deleted artefact from a view cannot be accessed. It's clearly a breach of privacy. We're using Mahara 15.04 .2 on Linux with MySQL | A user received a comment for an artefact that is not actually shared publicly. Looking into the problem, I've been able to replicate the issue. It goes as such : 1. Create a journal with two entries. Give one the tag "tag1" and the other the tag "tag2". 2. Create a view 3. Add a Tagged journal entries block with "tag1" 4. Save and share the view with the public. 5. Click in the tagged journal entries block to view the artefact detail page for the tag1 journal entry. 6. Copy the URL for the tag1 journal entry's page, and save this somewhere 7. Edit the tagged journal entry block and change it to "tag2" instead. 8. Log out 9. While logged out, view the URL for the tag1 journal entry Expected result: Access denied Actual result: You can view the tag1 journal entry. Indeed, you can navigate up and view the entire journal. Journal entries with tag A are still accessible to the public even though they are not being displayed on the view. It's is imperative that deleted artefact from a view cannot be accessed. It's clearly a breach of privacy. We're using Mahara 15.04 .2 on Linux with MySQL | |
| 2016-03-08 00:39:47 | Robert Lyon | mahara/16.04: status | Confirmed | Fix Committed | |
| 2016-03-08 00:41:21 | Robert Lyon | mahara/15.10: status | Confirmed | In Progress | |
| 2016-03-08 00:50:30 | Robert Lyon | mahara/15.04: status | Confirmed | In Progress | |
| 2016-03-08 01:33:46 | Robert Lyon | mahara/15.10: status | In Progress | Fix Committed | |
| 2016-03-09 19:08:10 | Robert Lyon | mahara/15.04: status | In Progress | Fix Committed | |
| 2016-03-23 21:46:36 | Robert Lyon | mahara/15.10: milestone | 15.04.6 | 15.10.2 | |
| 2016-03-23 22:12:07 | Aaron Wells | mahara/15.10: status | Fix Committed | Fix Released | |
| 2016-03-23 22:16:31 | Robert Lyon | mahara/15.04: status | Fix Committed | Fix Released | |
| 2016-04-29 03:40:52 | Kristina Hoeppner | bug task deleted | mahara/16.04 | ||
| 2016-04-29 03:40:58 | Kristina Hoeppner | mahara: status | Fix Committed | Fix Released |
