index.php?go=triggerSendNotifications: security issue/

Summary

For Milestonev0.081 - more fixes and tuned filtering of recent changes

Statusdone?

OpenedJul 7, 2008

Completed100%

CreatedJul 7, 2008 / array

ModifiedNov 14, 2011 / guest

View previous 5 versions

Assigned topixtur

Attached files

No files uploaded

This task does not have any text yet.
Doubleclick here to add some.

Issue report

SeverityMajor

ReproducibilityAlways

Steps to reproduce

visit http://yoursite/index.php?go=triggerSendNotifications

Expected result

If user have no notifications to send it shows a message: "Note: No news for <username>".
So using this link anybody can see all users in the system.
Company client can see all other clients etc.

4 Comments

pixtur:I have to review this

4 years ago

luchyx:Suggestion

4 years ago

Show output only if a valid user is logged in.

pixtur:fixed

4 years ago

ok, changed this in rev 414

guest:Topher

4 months ago - visible as suggested - Delete

If information were soccer, this would be a gooooaol!

Add Comment

Comment
(Wiki format)

Summary

Request feedback

Please copy the text

index.php?go=triggerSendNotifications: security issue/#6669

Summary

Attached files

Issue report

4 Comments

pixtur:I have to review this

luchyx:Suggestion

pixtur:fixed

guest:Topher

Add Comment