Ignores Finegrained Permissions
|Reported by:||Owned by:||Ryan J Ollos|
|Severity:||normal||Keywords:||security finegrained permissions|
The macro ignores finegrained page permissions specified using authz_policy. I.e. if the macro is enabled, any user may use Include macro at any page he has access to and get all the restricted pages included into the output. This is major security flaw. Fix is attached.
Change History (9)
comment:1 Changed 5 years ago by
|Owner:||changed from Noah Kantrowitz to Ryan J Ollos|
|Status:||new → assigned|