My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1423: Drafts are visible in gitweb
1 person starred this issue and may be notified of changes. Back to list
Status:  WontFix
Owner:  ----
Closed:  Jun 2012


Sign in to add a comment
 
Reported by dereck...@espace-win.org, Jun 5, 2012
Affected Version: 2.3, 2.4

What steps will reproduce the problem?
1. Create a draft
2. Try to read it anonymously or logged under other non-privileged  account, the draft got a non found (2.3) / permission problem (2.4) message
3. Go to gitweb, the draft is visible

What is the expected output? What do you see instead?
Expected output would be to protect restricted information from a public view.

This bug were initially reported on the Wikimedia/MediaWiki bugtracker, at https://bugzilla.wikimedia.org/show_bug.cgi?id=37115
Jun 18, 2012
#1 sop@google.com
We can't make gitweb filter what is visible. If all references are visible in the repository, gitweb is available, and the user can see anything in the repository,
including drafts that are held by the repository.

This is also true over the native Git protocols. Users can see the refs/changes/... entry for a draft change/patch set even if they can't see this in the Gerrit UI.
Status: WontFix
Labels: -Security -NonPublic
Sign in to add a comment

Powered by Google Project Hosting