Fixed: potential security leak on my page calendar (#4691).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3351 e93f8b46-1217-0410-a6f0-8f06a7374b81

Fixed: potential security leak on my page calendar (#4691).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3351 e93f8b46-1217-0410-a6f0-8f06a7374b81
7ef20cc1 · Jean-Philippe Lang · 2261ec7b · 7ef20cc1
Commit 7ef20cc1 authored Jan 30, 2010 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

_calendar.rhtml app/views/my/blocks/_calendar.rhtml +1 -1

No files found.
--- a/app/views/my/blocks/_calendar.rhtml
+++ b/app/views/my/blocks/_calendar.rhtml
 <h3><%= l(:label_calendar) %></h3>

 <% calendar = Redmine::Helpers::Calendar.new(Date.today, current_language, :week)
-   calendar.events = Issue.find :all,
+   calendar.events = Issue.visible.find :all,
                     :conditions => ["#{Issue.table_name}.project_id in (#{@user.projects.collect{|m| m.id}.join(',')}) AND ((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?))", calendar.startdt, calendar.enddt, calendar.startdt, calendar.enddt],
                     :include => [:project, :tracker, :priority, :assigned_to] unless @user.projects.empty? %>