Defect #4501: URL-mangling provides data not reachable through UI - Redmine

Actions

Copy link

Defect #4501

closed

URL-mangling provides data not reachable through UI

Added by Mischa The Evil almost 15 years ago. Updated over 14 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Category:

Issues

Target version:

Start date:

2009-12-29

Due date:

% Done:

Estimated time:

Resolution:

Invalid

Affected version:

Description

I noticed that with some URL-mangling it is possible to gather information which is not "un-locked" by the Redmine UI. E.g. the following URL gives me Eric Davis' watch-list:

http://www.redmine.org/issues?set_filter=1&sort=updated_on:desc&watcher_id=5

Although pretty unharmful, it might be unwanted behaviour.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Redmine

Custom queries

Defect #4501

URL-mangling provides data not reachable through UI

Updated by Felix Schäfer over 14 years ago

Updated by Marius BĂLTEANU over 6 years ago