-
Holger Just authored
The cache did not distinguish between cached credentials for read and write access. As it does not check permissions again if there is a cache hit, users with authorization for either reading or writing could poison the cache and subsequently authorize themselves for both access types. Original fix is by Jean-Philippe Lang, http://www.redmine.org/issues/9567
5e171001
Name |
Last commit
|
Last update |
---|---|---|
app | ||
config | ||
db | ||
doc | ||
extra | ||
files | ||
lib | ||
log | ||
public | ||
script | ||
test | ||
tmp/test | ||
vendor/plugins | ||
.gitignore | ||
.gitmodules | ||
.hgignore | ||
Gemfile | ||
README.rdoc | ||
Rakefile |