Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Rubric CPAN distribution.

Report information
The Basics
Id: 17454
Status: resolved
Worked: 20 min
Priority: 0/
Queue: Rubric

People
Owner: rjbs [...] cpan.org
Requestors: rockear [...] hive-mind.net
Cc:
AdminCc:

Bug Information
Severity: Normal
Broken in: 0.13_01
Fixed in: (no value)



Subject: @private entries display their tags to the public
I'm using Rubric 0.13_01, with perl 5.8.7 on a NetBSD 3.0 system. It seems that private entries are not entirely private -- they leak information about their tags. So for example, if I have an entry marked as private but tagged as, say, "Brazil", any anonymous viewer will be able to see that there's /something/ tagged as Brazil in the database. Following that tag returns no direct results, but it does disclose any FURTHER tags associated with the private entry in the "related tags" box. Similarly, a public viewer can go to /rubric/entries/tags/@private and reap a complete list of related private tags.