[kforge-dev] Ticket #38 (defect closed): Anonymous users can post on project subsystem applications despite not having right permissions
10: Timeline
admin at okfn.org
Sun Aug 5 11:33:09 UTC 2007
fixed:
See [r1108][1] and [r1167][2]. Resolved by returning HTTP_UNAUTHORISED or HTTP_DENIED rather than trying to do redirect. This has unfortunate result that redirects no longer work for browser agents but not much we can do about this (more discussion in source [browser:trunk/src/kforge/handlers/projecthost.py][3] ).
[1]: http://project.knowledgeforge.net/kforge/trac/changeset/1108 (Change apache.OK apache.FORBIDDEN in attempt to solve ticket:38 and added ...)
[2]: http://project.knowledgeforge.net/kforge/trac/changeset/1167 ([medium]: variety of small changes to authentication and apache config to ...)
[3]: http://project.knowledgeforge.net/kforge/trac/browser/trunk/src/kforge/handlers/projecthost.py
URL: http://project.knowledgeforge.net/kforge/trac/ticket/38#comment:1
More information about the kforge-dev
mailing list