[wellwell-devel] [SCM] Interchange wellwell catalog branch, master, updated. 503a4c537397aaf90270eea84df610634fd156da
Stefan Hornburg (Racke)
racke at linuxia.de
Sun May 3 09:42:42 UTC 2009
Ton Verhagen wrote:
> On May 3, 2009, at 11:06 AM, Stefan Hornburg wrote:
>
>> This is an automated email from the git hooks/post-receive script.
>> It was
>> generated because a ref change was pushed to the repository containing
>> the project "Interchange wellwell catalog".
>>
>> The branch, master has been updated
>> via 503a4c537397aaf90270eea84df610634fd156da (commit)
>> from a974c989178b7026c1d2e944c2a58abbcf0e4f8e (commit)
>>
>> Those revisions listed above that are new to this repository have
>> not appeared on any other notification email; so we list those
>> revisions in full, below.
>>
>> - Log
>> -----------------------------------------------------------------
>> commit 503a4c537397aaf90270eea84df610634fd156da
>> Author: Stefan Hornburg (Racke) <racke at linuxia.de>
>> Date: Sun May 3 11:06:10 2009 +0200
>>
>> require create_content permission
>>
>> -----------------------------------------------------------------------
>>
>> Summary of changes and diff:
>> plugins/content/components/content_list | 2 ++
>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/plugins/content/components/content_list b/plugins/
>> content/components/content_list
>> index 4817425..b71d646 100644
>> --- a/plugins/content/components/content_list
>> +++ b/plugins/content/components/content_list
>> @@ -1,4 +1,6 @@
>> +[acl check create_content]
>> <a href="[area content/edit]">[L]Add new content[/L]</a>
>> +[/acl]
>> [query sql="select * from content" list=1]
>> [on-match]
>> <table>
>
>
> This would not solve the 'security risk' imho.
>
> If one knows the url (content/edit and/or content/edit/3) one will be
> able to add and or edit content.
I know, the next patch is being worked upon. However, breakfirst comes
first :-).
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
More information about the wellwell-devel
mailing list