https://www.redmine.org/https://www.redmine.org/favicon.ico?16793021292017-07-25T23:20:50ZRedmineRedmine - Feature #26530: Links to Wiki pages of unauthorized projects should be smarterhttps://www.redmine.org/issues/26530?journal_id=802942017-07-25T23:20:50ZMichael Gerz
<ul></ul><p>Ouch... this issue seems to be related to <a class="changeset" title="Check permission of wiki pages before generating a link to it (#23793). Patch by Holger Just." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/16283">r16283</a> and #23793 which fixes an information leak.</p>
<p>I wonder what this leak actually is since the user will see the link (in wiki format) anyway.</p>
<p>If - for whatever reason - the link is not allowed to become an HTML link then I suggest making the textual representation a bit more user-friendly. A phrase like</p>
<pre>
[[model-repository:Latest_Model|Latest Model]]
</pre>
<p>is something that I would not like to see in a rendered Wiki page.</p> Redmine - Feature #26530: Links to Wiki pages of unauthorized projects should be smarterhttps://www.redmine.org/issues/26530?journal_id=803272017-07-27T15:38:37ZMichael Gerz
<ul><li><strong>File</strong> <a href="/attachments/18848">wiki-links-patch.diff</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/18848/wiki-links-patch.diff">wiki-links-patch.diff</a> added</li></ul><p>The attached patch results in smarter "non-links".</p> Redmine - Feature #26530: Links to Wiki pages of unauthorized projects should be smarterhttps://www.redmine.org/issues/26530?journal_id=807582017-08-21T11:44:40ZToshi MARUYAMA
<ul><li><strong>Tracker</strong> changed from <i>Defect</i> to <i>Feature</i></li><li><strong>Subject</strong> changed from <i>Links to Wiki pages of unauthorized projects are broken in the sidebar </i> to <i>Links to Wiki pages of unauthorized projects should be smarter</i></li></ul> Redmine - Feature #26530: Links to Wiki pages of unauthorized projects should be smarterhttps://www.redmine.org/issues/26530?journal_id=828572018-01-02T12:01:47ZMichael Gerz
<ul></ul><p>What happened to this patch?</p> Redmine - Feature #26530: Links to Wiki pages of unauthorized projects should be smarterhttps://www.redmine.org/issues/26530?journal_id=830812018-01-13T01:38:11ZGo MAEDA
<ul></ul><p>I think the patch suggested in <a class="issue tracker-2 status-1 priority-4 priority-default" title="Feature: Links to Wiki pages of unauthorized projects should be smarter (New)" href="https://www.redmine.org/issues/26530#note-2">#26530#note-2</a> cause an information leak. A user who is not allowed to see the wiki can probe if a given page exists.</p> Redmine - Feature #26530: Links to Wiki pages of unauthorized projects should be smarterhttps://www.redmine.org/issues/26530?journal_id=831532018-01-16T23:48:13ZShinji Tamura
<ul></ul><p>I make the plugin that disable <a class="changeset" title="Check permission of wiki pages before generating a link to it (#23793). Patch by Holger Just." href="https://www.redmine.org/projects/redmine/repository/svn/revisions/16283">r16283</a> and include wiki-links-patch.diff.<br />Please see <a class="external" href="https://github.com/crosspoints/redmine_legacy_link">https://github.com/crosspoints/redmine_legacy_link</a></p>