Roundup Tracker - Issues

Message3594

Author: ajaksu2
Recipients: ajaksu2, arno-, jpend, richard, rouilj
Date: 2009-02-25.22:37:03
Message-id: <1235601424.9.0.367847634178.issue1442835@psf.upfronthosting.co.za>
In-reply-to:

IMO this is a serious hole that any useful tracker should fix ASAP.

It's not a problem with the 'private' wording, one User can steal
queries from other Users and even from Admin.

It's not a template issue either: you can mess with anyone else's
queries, something SearchAction blocks but EditCSVAction doesn't.

Pranksters can change the Query URL to something lighthearted, like
"@error_message=No Issues in this Tracker&@ok_message=Tracker Deleted
Successfully <br> <br> <br> <br> <br>"...

Attached patch is a stopgap fix, feedback welcome.

History

Date | User | Action | Args
2009-02-25 22:37:04 | ajaksu2 | set | messageid: <1235601424.9.0.367847634178.issue1442835@psf.upfronthosting.co.za>
2009-02-25 22:37:04 | ajaksu2 | set | recipients: + ajaksu2, richard, rouilj, jpend, arno-
2009-02-25 22:37:04 | ajaksu2 | link | issue1442835 messages
2009-02-25 22:37:04 | ajaksu2 | create |
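
An added illustration, not part of the original message and not Roundup's code: a minimal model of the gap the message describes, where a bulk CSV edit path writes rows without the per-item ownership check that another path enforces, shown next to a version that checks every row first. The store layout, `may_edit`, and both `edit_csv_*` functions are hypothetical names, and the sample queries are constructed.

```python
import csv
import io


class Unauthorised(Exception):
    """Raised when a user submits a row for an item they may not edit."""


def sample_queries():
    # Constructed sample data: saved queries keyed by id, each with an owner.
    return {
        "1": {"name": "my open issues", "url": "status=open", "creator": "admin"},
        "2": {"name": "assigned to me", "url": "assignedto=3", "creator": "alice"},
    }


def may_edit(user, query):
    """Per-item rule (assumed): only the creator or an admin may change a query."""
    return user["is_admin"] or query["creator"] == user["name"]


def edit_csv_unchecked(store, user, csv_text):
    """Bulk path with no per-row check: every row is written as submitted."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        store[row["id"]].update(name=row["name"], url=row["url"])


def edit_csv_checked(store, user, csv_text):
    """Bulk path that authorises every row before writing anything."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    for row in rows:
        query = store.get(row["id"])
        if query is None or not may_edit(user, query):
            raise Unauthorised(f"{user['name']} may not edit query {row['id']}")
    # All rows passed, so the batch is applied as a whole (no partial writes).
    for row in rows:
        # 'creator' is never read from the upload, so ownership cannot change.
        store[row["id"]].update(name=row["name"], url=row["url"])
```

Validating the whole batch before the first write keeps a rejected upload from leaving some rows changed and others not.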