Defect #10547

Editing Ticketname and Description possible with some bug

Added by Hannes Meier over 7 years ago. Updated over 7 years ago.

Status:ClosedStart date:
Priority:UrgentDue date:
Assignee:-% Done:

0%

Category:Issues
Target version:-
Resolution:Invalid Affected version:1.3.1

Description

If i am entering something like "123 Min" with a large M redmine is throwing some errors but everybody can then edit the description and topic of the ticket.
Tested it with the redmine demo here and there was the same issue.

I am not sure if this is already known.

Bildschirmfoto 2012-03-27 um 16.15.14.png (41.7 KB) Hannes Meier, 2012-03-27 16:15

History

#1 Updated by Hannes Meier over 7 years ago

  • Assignee set to Toshi MARUYAMA

sorry for "assigning you" but i really think this is "kind of" security bug.
maybe you can test it:

-open a ticket
-edit
-add a time like "123 Min"
-hit save
-it ll throw errors and you can edit the ticket topic and description

#2 Updated by Toshi MARUYAMA over 7 years ago

  • Assignee deleted (Toshi MARUYAMA)

#3 Updated by Etienne Massip over 7 years ago

Think you could already edit the topic and description fields by using the "more" link.

#4 Updated by Hannes Meier over 7 years ago

rofl
sorry!
i didnt see this link yet ;D

i already read about it but never found it ...

and i was irritated cause the "worker" with less rights are even allowed to edit this
but i tested it now and this seems to be no security bug
sorry for the inconveniences

i guess this can be deleted then

BUT
adding "123 Min" as possibilty to use like "123 min" it would still be a enhancement

#5 Updated by Etienne Massip over 7 years ago

  • Status changed from New to Closed
  • Resolution set to Invalid

Thanks for the feedback, please open a new issue for last point.

Also available in: Atom PDF