MantisBT: master-2.24 f1f236f9

Author Committer Branch Timestamp Parent
vboctor vboctor master-2.24 2020-04-19 17:36:47 master-2.24 5ba7cdf2
Affected Issues  0026893: APIs expose private attachments to users who has access to issue but not private notes

Fix attachments API access checks

  • Fix attachment access checks for private attachments. (REST and SOAP)
  • Include note attachments within notes (REST)

Fixes 0026893

mod - api/soap/mc_issue_api.php Diff File
mod - core/file_api.php Diff File