View Issue Details

IDProjectCategoryView StatusLast Update
0034454mantisbtotherpublic2024-05-17 14:39
Reporteratrol Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Target Version2.27.0Fixed in Version2.27.0 
Summary0034454: Columns are offered in columns list without having access rights to them
Description

Columns "due_date" and "overdue" are offered in section "All Available Columns " of "Manage Columns" pages and can be inserted into sections like "View Issues Columns" even without having rights to see the columns.

This is not a security issue, as the column names are just displayed in the table headers.
The values are not displayed.

TagsNo tags attached.

Activities

Related Changesets

MantisBT: master d17059c2

2024-05-14 15:57

atrol


Details Diff
Don't offer columns without having access rights to them

Fixes 0034454
Affected Issues
0034454
mod - core/columns_api.php Diff File