Mahara

Check edit permissions in tasks.json.php

Series 1.3
Bug #771623

Bug #771623 reported by Richard Mansfield on 2011-04-27

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	High	Richard Mansfield	Mahara 1.4.0
	1.3	Fix Released	High	Richard Mansfield	Mahara 1.3.6

Bug Description

This json script is used for task pagination by the owner and should check that the logged-in user is allowed to edit the plan artefact passed to the script.

CVE References

2011-1404

Revision history for this message

Richard Mansfield (richard-mansfield) wrote on 2011-04-27:

Patch for 1.3 and master Edit (1002 bytes, text/plain)

François Marier (fmarier) on 2011-05-10

visibility:

private → public

Richard Mansfield (richard-mansfield) on 2011-05-10

Changed in mahara:
status:	In Progress → Fix Committed

François Marier (fmarier) on 2011-06-14

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Patch for 1.3 and master Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.