Item42: SECURITY: REVINFO reveals info for a topic the user does not have permission to view.
- 01 Nov 2008
allowed recovery of revision information for a topic where the reader did not have view access. Note there is an argument that the viewer should at least be able to see who
made the edit. in the end I decided not to bother trying to suport that, though.
Added a check, unit tested.
- 01 Dec 2008