0034454: Columns are offered in columns list without having access rights to them

ID	Project	Category	View Status	Date Submitted	Last Update
0034454	mantisbt	other	public	2024-05-14 16:07	2024-09-29 13:15

Reporter	atrol	Assigned To	atrol
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Target Version	2.27.0	Fixed in Version	2.27.0

Summary	0034454: Columns are offered in columns list without having access rights to them
Description	Columns "due_date" and "overdue" are offered in section "All Available Columns " of "Manage Columns" pages and can be inserted into sections like "View Issues Columns" even without having rights to see the columns. This is not a security issue, as the column names are just displayed in the table headers. The values are not displayed.
Tags	No tags attached.

MantisBT: master d17059c2 2024-05-14 15:57 atrol Details Diff	Don't offer columns without having access rights to them Fixes 0034454		Affected Issues 0034454
	mod - core/columns_api.php		Diff File

atrol 2024-05-14 16:13 developer ~0068934	PR https://github.com/mantisbt/mantisbt/pull/2002