Fixed: potential security leak on my page calendar (#4691).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3351 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-01-30 11:23:17 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2010-01-30 11:23:17 +0000
commit: 7ef20cc169e7e32cf66d01fc64ee83baba2ff9b5 (patch)
tree: f758130a7dc30047f75c4d7fdabf9bf8a2c70754 /app
parent: 2261ec7b958988a0da95293328ca997c2387c6c7 (diff)
download: redmine-7ef20cc169e7e32cf66d01fc64ee83baba2ff9b5.tar.gz
redmine-7ef20cc169e7e32cf66d01fc64ee83baba2ff9b5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/my/blocks/_calendar.rhtml b/app/views/my/blocks/_calendar.rhtml
index bad729363..9c6b793bf 100644
--- a/app/views/my/blocks/_calendar.rhtml
+++ b/app/views/my/blocks/_calendar.rhtml
@@ -1,7 +1,7 @@
 <h3><%= l(:label_calendar) %></h3>
 
 <% calendar = Redmine::Helpers::Calendar.new(Date.today, current_language, :week)
-   calendar.events = Issue.find :all,
+   calendar.events = Issue.visible.find :all,
                      :conditions => ["#{Issue.table_name}.project_id in (#{@user.projects.collect{|m| m.id}.join(',')}) AND ((start_date>=? and start_date<=?) or (due_date>=? and due_date<=?))", calendar.startdt, calendar.enddt, calendar.startdt, calendar.enddt],
                      :include => [:project, :tracker, :priority, :assigned_to] unless @user.projects.empty? %>
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-01-30 11:23:17 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2010-01-30 11:23:17 +0000
commit	7ef20cc169e7e32cf66d01fc64ee83baba2ff9b5 (patch)
tree	f758130a7dc30047f75c4d7fdabf9bf8a2c70754 /app
parent	2261ec7b958988a0da95293328ca997c2387c6c7 (diff)
download	redmine-7ef20cc169e7e32cf66d01fc64ee83baba2ff9b5.tar.gz redmine-7ef20cc169e7e32cf66d01fc64ee83baba2ff9b5.zip