[Mahara-contributors] [Bug 1521818] Re: Tagged journal entries still accessible even after no longer being displayed in block

Tue, 01 Dec 2015 17:36:00 -0800 

** Summary changed:

- accessing artefact through view without permission
+ Tagged journal entries still accessible even after no longer being displayed 
in block

** Information type changed from Public to Public Security

** Also affects: mahara/15.10
   Importance: Undecided
       Status: New

** Also affects: mahara/15.04
   Importance: Undecided
       Status: New

** Also affects: mahara/16.04
   Importance: Undecided
       Status: New

** Changed in: mahara/15.04
    Milestone: None => 15.04.6

** Changed in: mahara/15.04
   Importance: Undecided => Medium

** Changed in: mahara/15.10
   Importance: Undecided => Medium

** Changed in: mahara/16.04
   Importance: Undecided => Medium

** Tags added: blog privacy security

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask 
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1521818

Title:
  Tagged journal entries still accessible even after no longer being
  displayed in block

Status in Mahara:
  New
Status in Mahara 15.04 series:
  New
Status in Mahara 15.10 series:
  New
Status in Mahara 16.04 series:
  New

Bug description:
  A user received a comment for an artefact that is not actually shared
  publicly.

  Looking into the problem, I've been able to replicate the issue. It
  goes as such :

  - Create a view
  - Add a Tagged journal entries block with tag A
  - save and share view with public
  - Edit block and change the selected tag to tag B
  - save

  Journal entries with tag A are still accessible to the public even
  though they are not being displayed on the view.

  It's is imperative that deleted artefact from a view cannot be
  accessed. It's clearly a breach of privacy.

  We're using Mahara 15.04 .2 on Linux with MySQL

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1521818/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help   : https://help.launchpad.net/ListHelp

Reply via email to