Fixed that journal details about issue relations may disclose issues that are not visible (#1005).

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@11939 e93f8b46-1217-0410-a6f0-8f06a7374b81
author: Jean-Philippe Lang <jp_lang@yahoo.fr> 2013-06-06 16:19:53 +0000
committer: Jean-Philippe Lang <jp_lang@yahoo.fr> 2013-06-06 16:19:53 +0000
commit: 019f57e5c71e96b80b2fb1abc49c9fe4df50c705 (patch)
tree: 1b9b3d5d4ba897c70a532c1fac2d7d7234f3bfee /app
parent: 60a8230209e41311178d80ea58066a5e1eb7aca3 (diff)
download: redmine-019f57e5c71e96b80b2fb1abc49c9fe4df50c705.tar.gz
redmine-019f57e5c71e96b80b2fb1abc49c9fe4df50c705.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/app/helpers/issues_helper.rb b/app/helpers/issues_helper.rb
index 0f65bb42e..d51c9cb65 100644
--- a/app/helpers/issues_helper.rb
+++ b/app/helpers/issues_helper.rb
@@ -308,11 +308,11 @@ module IssuesHelper
       label = l(:label_attachment)
     when 'relation'
       if detail.value && !detail.old_value
-        rel_issue = Issue.find_by_id(detail.value)
+        rel_issue = Issue.visible.find_by_id(detail.value)
         value = rel_issue.nil? ? "#{l(:label_issue)} #{detail.value}" :
                   (no_html ? rel_issue : link_to_issue(rel_issue))
       elsif detail.old_value && !detail.value
-        rel_issue = Issue.find_by_id(detail.old_value)
+        rel_issue = Issue.visible.find_by_id(detail.old_value)
         old_value = rel_issue.nil? ? "#{l(:label_issue)} #{detail.old_value}" :
                           (no_html ? rel_issue : link_to_issue(rel_issue))
       end
author	Jean-Philippe Lang <jp_lang@yahoo.fr>	2013-06-06 16:19:53 +0000
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>	2013-06-06 16:19:53 +0000
commit	019f57e5c71e96b80b2fb1abc49c9fe4df50c705 (patch)
tree	1b9b3d5d4ba897c70a532c1fac2d7d7234f3bfee /app
parent	60a8230209e41311178d80ea58066a5e1eb7aca3 (diff)
download	redmine-019f57e5c71e96b80b2fb1abc49c9fe4df50c705.tar.gz redmine-019f57e5c71e96b80b2fb1abc49c9fe4df50c705.zip