Topic: Old revisions are viewable by everybody

I ran into this issue yesterday while linkchecking an enano site - older revisions of pages were found.

This poses two problems - for one, makes checking links hard (because those old pages link to inexistent pages) and two, allows everybody to view an older revision. Most likely, the page has been corrected for a reason - and thus shouldn't be viewable to everybody (just admins is fine). Maybe there is an ACL rule for this - but the only relevant one, rollback history, is set to "disallow" already.

Re: Old revisions are viewable by everybody

I'm pretty sure the permission you're looking for is "View history/diffs", though I'm not sure how enforced this is. I'll check on the code to make sure it's being enforced and post back.

Edit: I do know that listing old revisions always has been pretty well enforced.

--Dan