Fixed: potential security leak on my page calendar (#4691).

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 30 Jan 2010 11:23:17 +0000 (11:23 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Sat, 30 Jan 2010 11:23:17 +0000 (11:23 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 30 Jan 2010 11:23:17 +0000 (11:23 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Sat, 30 Jan 2010 11:23:17 +0000 (11:23 +0000)
diff --git a/app/views/my/blocks/_calendar.rhtml b/app/views/my/blocks/_calendar.rhtml

index bad7293..9c6b793 100644 (file)
--- a/app/views/my/blocks/_calendar.rhtml
+++ b/app/views/my/blocks/_calendar.rhtml
@@ -1,7 +1,7 @@
  <h3><%= l(:label_calendar) %></h3>
  
  <% calendar = Redmine::Helpers::Calendar.new(Date.today, current_language, :week)
-   calendar.events = Issue.find :all,
+   calendar.events = Issue.visible.find :all,
                       :conditions => ["#{Issue.table_name}.project_id in (#{@user.projects.collect{|m| m.id}.join(',')}) AND ((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?))", calendar.startdt, calendar.enddt, calendar.startdt, calendar.enddt],
                       :include => [:project, :tracker, :priority, :assigned_to] unless @user.projects.empty? %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 30 Jan 2010 11:23:17 +0000 (11:23 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Sat, 30 Jan 2010 11:23:17 +0000 (11:23 +0000)