Please sign in to comment.
Fix #14015: attachment deletion: remove update_bug_threshold check
As reported by Roland Becker (MantisBT developer): Although configuration option allow_delete_own_attachments is set to ON reporters cannot delete their own attachments. After pushing the delete button you get "Access Denied" Issue #14016 implemented correct attachment deletion access control checks against delete_attachments_threshold. We should be using this threshold instead of update_bug_threshold because attachments aren't linked to the core fields of an issue -- they are frequently related to comments (bugnotes) provided by less privileged users. $g_allow_delete_own_attachments should now work again... safely. Conflicts: bug_file_delete.php
- Loading branch information...
Showing with 1 addition and 7 deletions.