Editing Ticketname and Description possible with some bug
If i am entering something like "123 Min" with a large M redmine is throwing some errors but everybody can then edit the description and topic of the ticket.
Tested it with the redmine demo here and there was the same issue.
I am not sure if this is already known.
#1 Updated by Hannes Meier almost 8 years ago
- Assignee set to Toshi MARUYAMA
sorry for "assigning you" but i really think this is "kind of" security bug.
maybe you can test it:
-open a ticket
-add a time like "123 Min"
-it ll throw errors and you can edit the ticket topic and description
#4 Updated by Hannes Meier almost 8 years ago
i didnt see this link yet ;D
i already read about it but never found it ...
and i was irritated cause the "worker" with less rights are even allowed to edit this
but i tested it now and this seems to be no security bug
sorry for the inconveniences
i guess this can be deleted then
adding "123 Min" as possibilty to use like "123 min" it would still be a enhancement