[Erp5-report] r19837 - in /erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style: SkinTemplat...

nobody at svn.erp5.org nobody at svn.erp5.org
Thu Mar 13 11:32:41 CET 2008 

Author: romain
Date: Thu Mar 13 11:32:40 2008
New Revision: 19837

URL: http://svn.erp5.org?rev=19837&view=rev
Log:
Remove Manager proxy role from Base_createCloneDocument in order to prevent information leak.
Some improvements may be required on this script, as Unauthorized error may happen if one subobject is not traversable by the user.

Modified:
    erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
    erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml?rev=19837&r1=19836&r2=19837&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/SkinTemplateItem/portal_skins/erp5_xhtml_style/Base_createCloneDocument.xml Thu Mar 13 11:32:40 2008
@@ -132,9 +132,7 @@
         <item>
             <key> <string>_proxy_roles</string> </key>
             <value>
-              <tuple>
-                <string>Manager</string>
-              </tuple>
+              <tuple/>
             </value>
         </item>
         <item>

Modified: erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision
URL: http://svn.erp5.org/erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision?rev=19837&r1=19836&r2=19837&view=diff
==============================================================================
--- erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision (original)
+++ erp5/trunk/products/ERP5/bootstrap/erp5_xhtml_style/bt/revision Thu Mar 13 11:32:40 2008
@@ -1,1 +1,1 @@
-501
+502

More information about the Erp5-report mailing list