Activity log for bug #1959146
Date | Who | What changed | Old value | New value | Message |
---|---|---|---|---|---|
2022-01-26 22:17:44 | Doris Tam | bug | added bug | ||
2022-01-26 22:26:40 | Kristina Hoeppner | nominated for series | mahara/21.04 | ||
2022-01-26 22:26:40 | Kristina Hoeppner | bug task added | mahara/21.04 | ||
2022-01-26 22:26:40 | Kristina Hoeppner | nominated for series | mahara/22.04 | ||
2022-01-26 22:26:40 | Kristina Hoeppner | bug task added | mahara/22.04 | ||
2022-01-26 22:26:40 | Kristina Hoeppner | nominated for series | mahara/21.10 | ||
2022-01-26 22:26:40 | Kristina Hoeppner | bug task added | mahara/21.10 | ||
2022-01-26 22:26:51 | Kristina Hoeppner | mahara/22.04: status | New | Confirmed | |
2022-01-26 22:26:53 | Kristina Hoeppner | mahara/21.10: status | New | Confirmed | |
2022-01-26 22:26:54 | Kristina Hoeppner | mahara/21.04: status | New | Confirmed | |
2022-01-26 22:26:56 | Kristina Hoeppner | mahara/22.04: importance | Undecided | High | |
2022-01-26 22:26:58 | Kristina Hoeppner | mahara/21.10: importance | Undecided | High | |
2022-01-26 22:26:59 | Kristina Hoeppner | mahara/21.04: importance | Undecided | High | |
2022-01-26 22:27:02 | Kristina Hoeppner | mahara/21.10: milestone | 21.10.1 | ||
2022-01-26 22:27:05 | Kristina Hoeppner | mahara/21.04: milestone | 21.04.3 | ||
2022-01-27 23:40:48 | Kristina Hoeppner | summary | Private group pages can be accessed without logging by going to the url | Private group pages can be accessed without logging in by going to the url | |
2022-01-27 23:46:54 | Kristina Hoeppner | summary | Private group pages can be accessed without logging in by going to the url | Private group, site, or institution portfolios can be accessed by the URL without logging in | |
2022-01-27 23:49:31 | Kristina Hoeppner | mahara/22.04: importance | High | Critical | |
2022-01-27 23:49:33 | Kristina Hoeppner | mahara/21.10: importance | High | Critical | |
2022-01-27 23:49:35 | Kristina Hoeppner | mahara/21.04: importance | High | Critical | |
2022-01-27 23:52:40 | Kristina Hoeppner | description | Private group pages should be available exclusively to members of the group and to those who have access permission. Currently, we can access these private group pages by going to the URL directly. Steps: - Create a private group with the setting 'Publicly viewable group' set to 'No' - Create a page within the group, and copy the URL when the page is displayed - Open a private browser window and go to the copied URL. Expected: the site is redirected to the login page Actual: the private group page can be seen without logging in. Mahara versions: - 21.10 - 21.04 | Portfolios should only be available to the selected people or groups of people who have been given access. This is the case for personal portfolios. However, a change introduced in Mahara 21.04 invalidated the permissions check for group, institution, and site portfolios. To replicate: Group: 1. Create a private group with the setting 'Publicly viewable group' set to 'No'. 2. Create a page within the group and copy the URL when the page is in 'Display' mode. 3. Open a private browser window and go to the copied URL. Results: - Expected: The site redirects to the login page. - Actual: The private group page can be seen without logging in. Institution: 1. Create an institution. 2. Create an institution page and do not share it with anybody. 3. Open a private browser window and go to the copied URL. Results: - Expected: The site redirects to the login page. - Actual: The institution page can be seen without logging in. Site: 1. Create a site page and do not share it with anybody. 2. Open a private browser window and go to the copied URL. Results: - Expected: The site redirects to the login page. - Actual: The site page can be seen without logging in. | |
2022-01-30 18:39:25 | Kristina Hoeppner | cve linked | 2022-24111 | ||
2022-01-30 21:40:42 | Doris Tam | mahara/22.04: assignee | Doris Tam (doristam) | ||
2022-01-30 21:40:49 | Doris Tam | mahara/22.04: status | Confirmed | In Progress | |
2022-02-01 02:40:35 | Doris Tam | mahara/21.10: assignee | Doris Tam (doristam) | ||
2022-02-01 02:40:37 | Doris Tam | mahara/21.04: assignee | Doris Tam (doristam) | ||
2022-02-08 02:23:49 | Doris Tam | mahara/21.10: status | Confirmed | In Progress | |
2022-02-08 02:23:53 | Doris Tam | mahara/21.04: status | Confirmed | In Progress | |
2022-02-08 21:35:00 | Robert Lyon | mahara/22.04: status | In Progress | Fix Committed | |
2022-02-08 21:35:01 | Robert Lyon | mahara/21.10: status | In Progress | Fix Committed | |
2022-02-08 21:35:02 | Robert Lyon | mahara/21.04: status | In Progress | Fix Committed | |
2022-02-09 03:42:54 | Robert Lyon | mahara/21.10: status | Fix Committed | Fix Released | |
2022-02-09 04:15:22 | Doris Tam | mahara/21.04: status | Fix Committed | Fix Released | |
2022-02-09 04:18:05 | Robert Lyon | information type | Private Security | Public Security | |
2022-04-27 01:50:05 | Gold | mahara/22.04: status | Fix Committed | Fix Released |