Hi all. I remember that in the past there was an issue in Trac (iirc in the 0.9.x era) which allowed anonymous users to post tickets / ticket comments or edit the wiki under the name of a registered user without requiring them to authenticate. And I vaguely remember that there has been a fix for this issue at some point. Does my memory fool me?
I ask because we today had such a case, where an anonymous user abused the identity of a registered user to post spam to the wiki. The site in question runs on Trac 0.10.4 with some custom patches and various plugins - but it seems that this issue can be reproduced on t.e.o as well (just tested with a preview, without actually submitting the edit). Bye, Mike --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Trac Development" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/trac-dev?hl=en -~----------~----~----~----~------~----~------~--~---
