[wellwell-devel] [SCM] Interchange wellwell catalog branch, master, updated. 503a4c537397aaf90270eea84df610634fd156da

Stefan Hornburg (Racke) racke at linuxia.de
Sun May 3 09:42:42 UTC 2009 

Ton Verhagen wrote:
> On May 3, 2009, at 11:06 AM, Stefan Hornburg wrote:
> 
>> This is an automated email from the git hooks/post-receive script.  
>> It was
>> generated because a ref change was pushed to the repository containing
>> the project "Interchange wellwell catalog".
>>
>> The branch, master has been updated
>>       via  503a4c537397aaf90270eea84df610634fd156da (commit)
>>      from  a974c989178b7026c1d2e944c2a58abbcf0e4f8e (commit)
>>
>> Those revisions listed above that are new to this repository have
>> not appeared on any other notification email; so we list those
>> revisions in full, below.
>>
>> - Log  
>> -----------------------------------------------------------------
>> commit 503a4c537397aaf90270eea84df610634fd156da
>> Author: Stefan Hornburg (Racke) <racke at linuxia.de>
>> Date:   Sun May 3 11:06:10 2009 +0200
>>
>>    require create_content permission
>>
>> -----------------------------------------------------------------------
>>
>> Summary of changes and diff:
>> plugins/content/components/content_list |    2 ++
>> 1 files changed, 2 insertions(+), 0 deletions(-)
>>
>> diff --git a/plugins/content/components/content_list b/plugins/ 
>> content/components/content_list
>> index 4817425..b71d646 100644
>> --- a/plugins/content/components/content_list
>> +++ b/plugins/content/components/content_list
>> @@ -1,4 +1,6 @@
>> +[acl check create_content]
>> <a href="[area content/edit]">[L]Add new content[/L]</a>
>> +[/acl]
>> [query sql="select * from content" list=1]
>> [on-match]
>> <table>
> 
> 
> This would not solve the 'security risk' imho.
> 
> If one knows the url (content/edit and/or content/edit/3) one will be  
> able to add and or edit content.

I know, the next patch is being worked upon. However, breakfirst comes
first :-).

Regards
	Racke

-- 
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team

More information about the wellwell-devel mailing list