From c096dde88ff02872ba35edc4dc403c80a7867b5c Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Wed, 4 Nov 2015 18:22:40 +0000
Subject: [PATCH] Fixed that time logging form may disclose subjects of issues
 that are not visible (#21150).

Patch by Holger Just.

git-svn-id: http://svn.redmine.org/redmine/trunk@14795 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/views/timelog/_form.html.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/views/timelog/_form.html.erb b/app/views/timelog/_form.html.erb
index 84fb94787..0dbff35a7 100644
--- a/app/views/timelog/_form.html.erb
+++ b/app/views/timelog/_form.html.erb
@@ -13,7 +13,7 @@
   <% end %>
   <p>
     <%= f.text_field :issue_id, :size => 6 %>
-    <span id="time_entry_issue"><%= "#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}" if @time_entry.issue %></span>
+    <span id="time_entry_issue"><%= "#{@time_entry.issue.tracker.name} ##{@time_entry.issue.id}: #{@time_entry.issue.subject}" if @time_entry.issue.try(:visible?) %></span>
   </p>
   <p><%= f.text_field :spent_on, :size => 10, :required => true %><%= calendar_for('time_entry_spent_on') %></p>
   <p><%= f.text_field :hours, :size => 6, :required => true %></p>
-- 
2.39.5