[wellwell-devel] [SCM] Interchange wellwell catalog branch, master, updated. 503a4c537397aaf90270eea84df610634fd156da

Ton Verhagen tverhagen at alamerce.nl
Sun May 3 09:28:06 UTC 2009


On May 3, 2009, at 11:06 AM, Stefan Hornburg wrote:

> This is an automated email from the git hooks/post-receive script.  
> It was
> generated because a ref change was pushed to the repository containing
> the project "Interchange wellwell catalog".
>
> The branch, master has been updated
>       via  503a4c537397aaf90270eea84df610634fd156da (commit)
>      from  a974c989178b7026c1d2e944c2a58abbcf0e4f8e (commit)
>
> Those revisions listed above that are new to this repository have
> not appeared on any other notification email; so we list those
> revisions in full, below.
>
> - Log  
> -----------------------------------------------------------------
> commit 503a4c537397aaf90270eea84df610634fd156da
> Author: Stefan Hornburg (Racke) <racke at linuxia.de>
> Date:   Sun May 3 11:06:10 2009 +0200
>
>    require create_content permission
>
> -----------------------------------------------------------------------
>
> Summary of changes and diff:
> plugins/content/components/content_list |    2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/plugins/content/components/content_list b/plugins/ 
> content/components/content_list
> index 4817425..b71d646 100644
> --- a/plugins/content/components/content_list
> +++ b/plugins/content/components/content_list
> @@ -1,4 +1,6 @@
> +[acl check create_content]
> <a href="[area content/edit]">[L]Add new content[/L]</a>
> +[/acl]
> [query sql="select * from content" list=1]
> [on-match]
> <table>
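
Review bot: The `[acl check create_content]` block added at the top of content_list wraps only the "Add new content" link, so it hides the navigation entry rather than enforcing the permission. Nothing in this diff touches the content/edit page that `[area content/edit]` points to, so the same create_content check needs to be applied on that page, and on whatever processes its submission, before the commit message "require create_content permission" holds. If the intent here is only to hide the link from users without the permission, the commit message should say so.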


This would not solve the 'security risk' imho.

If one knows the URL (content/edit and/or content/edit/3) one will be
able to add and/or edit content.

Thanks,

Ton



