From: Jeroen L. <jl...@ca...> - 2002-08-18 05:28:13
|
At 20:58 17-8-2002 -0400, you wrote: > > I've been working on 0.17.4, and I more or less have a package ready for > > release. > > > > - I can't find the fix for 'Through manipulation of cookies it is possible > > to set a user's current project to a private project, and access the 'View > > Bugs' page.', who fixed that and/or can tell me where I can find the patch? > > - Were there any other bugs that should be fixed here? I'd like to keep it > > limited though. > >I reported at least one instance of this. I came up with an ugly hack >to check the cookie near the beginning of the view_all_bug_page.php file: Last night, Ken and I rediscovered the bug. Apparantly, it was never fixed, not even in CVS. Ken wrote a project access-check function, which can be used to check the project value. I'll add it in a few minutes. Thanks for your help, and sorry for not telling you this sooner. Jeroen |