#1890: Can create tickets anonymously using the username of an authenticated 
user
----------------------------------------+-----------------------------------
 Reporter:  [EMAIL PROTECTED]  |        Owner:  cmlenz  
     Type:  defect                      |       Status:  assigned
 Priority:  normal                      |    Milestone:  0.10    
Component:  general                     |      Version:  0.8.4   
 Severity:  normal                      |   Resolution:          
 Keywords:                              |  
----------------------------------------+-----------------------------------
Comment (by [EMAIL PROTECTED]):

 The attachment 'authen.diff' I have made shows a basic way of closing this
 hole.

 It performs two mappings on the author information:

 If anonymous user:
   author = '<author info from form field> [unauthenticated]'
 Elif authenticated user:
   If '<author info from form field>' == '<authenticated username>':
     author = '<authenticated username>'
   Else:
     author = '<authenticated username> (<author info from form field>)'


 I think I have probably broken emailing to ticket reporters, but at least
 it is a start towards a solution.

-- 
Ticket URL: <http://projects.edgewall.com/trac/ticket/1890>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
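
The author mapping described in the comment above, written out as a standalone Python sketch. This is an added example, not the contents of authen.diff or Trac's own code; the function names, the "anonymous" session name, the whitespace handling and the strip_marker helper are assumptions made for illustration.

```python
UNAUTH_SUFFIX = " [unauthenticated]"  # marker text taken from the comment
ANONYMOUS = "anonymous"               # assumption: session name of a logged-out user


def map_author(session_user, form_author):
    """Return the author string to store for a ticket or comment.

    session_user -- name from the login session (None or ANONYMOUS if logged out)
    form_author  -- free-text value of the author form field (untrusted)
    """
    # Assumption: collapse whitespace so padding or newlines in the form
    # field cannot make two different values look alike.
    claimed = " ".join((form_author or "").split())

    if not session_user or session_user == ANONYMOUS:
        # Anonymous: keep the claimed name but always tag it, so the stored
        # value can never equal a bare authenticated username.
        return (claimed or ANONYMOUS) + UNAUTH_SUFFIX

    # Authenticated: the session name is the identity. An empty form field
    # is treated like a matching one (assumption, not covered by the comment).
    if not claimed or claimed == session_user:
        return session_user

    # Authenticated but claiming another name: session name leads, and the
    # claimed name is demoted to a parenthetical.
    return "%s (%s)" % (session_user, claimed)


def strip_marker(stored_author):
    """Return the untagged form value of an anonymous author string.

    Hypothetical helper for code that needs the raw value back, for
    instance when the form field held an e-mail address.
    """
    if stored_author.endswith(UNAUTH_SUFFIX):
        return stored_author[:-len(UNAUTH_SUFFIX)]
    return stored_author


if __name__ == "__main__":
    # Constructed sample inputs: (session user, author form field)
    for user, field in [(None, "alice"), ("alice", "alice"), ("mallory", "alice")]:
        print(repr(user), repr(field), "->", map_author(user, field))
```

With this mapping the stored author of an anonymous submission is no longer a bare name or address, so any code that uses the field as one has to remove the marker first.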
