Commits

Anonymous committed d9203dc

0.12.3dev: Added a missing permission check in the generation of the list of related pages when viewing a non-existing wiki page.

Closes #10187.

Comments (0)

Files changed (1)

trac/wiki/web_ui.py

             else:
                 name = page.name
             name = name.lower()
-            related = [each for each in ws.pages if name in each.lower()]
+            related = [each for each in ws.pages
+                       if name in each.lower()
+                          and 'WIKI_VIEW' in req.perm('wiki', each)]
             related.sort()
             related = [ws._format_link(formatter, 'wiki', '/' + each, each,
                                        False)
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.