Defect #10547
closedEditing Ticketname and Description possible with some bug
0%
Description
If i am entering something like "123 Min" with a large M redmine is throwing some errors but everybody can then edit the description and topic of the ticket.
Tested it with the redmine demo here and there was the same issue.
I am not sure if this is already known.
Files
Updated by Hannes Meier over 12 years ago
- Assignee set to Toshi MARUYAMA
sorry for "assigning you" but i really think this is "kind of" security bug.
maybe you can test it:
-open a ticket
-edit
-add a time like "123 Min"
-hit save
-it ll throw errors and you can edit the ticket topic and description
Updated by Etienne Massip over 12 years ago
Think you could already edit the topic and description fields by using the "more" link.
Updated by Hannes Meier over 12 years ago
rofl
sorry!
i didnt see this link yet ;D
i already read about it but never found it ...
and i was irritated cause the "worker" with less rights are even allowed to edit this
but i tested it now and this seems to be no security bug
sorry for the inconveniences
i guess this can be deleted then
BUT
adding "123 Min" as possibilty to use like "123 min" it would still be a enhancement
Updated by Etienne Massip over 12 years ago
- Status changed from New to Closed
- Resolution set to Invalid
Thanks for the feedback, please open a new issue for last point.