Project

General

Profile

Actions

Defect #10547

closed

Editing Ticketname and Description possible with some bug

Added by Hannes Meier over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Urgent
Assignee:
-
Category:
Issues
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Invalid
Affected version:

Description

If i am entering something like "123 Min" with a large M redmine is throwing some errors but everybody can then edit the description and topic of the ticket.
Tested it with the redmine demo here and there was the same issue.

I am not sure if this is already known.


Files

Actions #1

Updated by Hannes Meier over 12 years ago

  • Assignee set to Toshi MARUYAMA

sorry for "assigning you" but i really think this is "kind of" security bug.
maybe you can test it:

-open a ticket
-edit
-add a time like "123 Min"
-hit save
-it ll throw errors and you can edit the ticket topic and description

Actions #2

Updated by Toshi MARUYAMA over 12 years ago

  • Assignee deleted (Toshi MARUYAMA)
Actions #3

Updated by Etienne Massip over 12 years ago

Think you could already edit the topic and description fields by using the "more" link.

Actions #4

Updated by Hannes Meier over 12 years ago

rofl
sorry!
i didnt see this link yet ;D

i already read about it but never found it ...

and i was irritated cause the "worker" with less rights are even allowed to edit this
but i tested it now and this seems to be no security bug
sorry for the inconveniences

i guess this can be deleted then

BUT
adding "123 Min" as possibilty to use like "123 min" it would still be a enhancement

Actions #5

Updated by Etienne Massip over 12 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

Thanks for the feedback, please open a new issue for last point.

Actions

Also available in: Atom PDF