[Erp5-report] r26481 - in /erp5/trunk/bt5/erp5_project: SkinTemplateItem/portal_skins/erp5_...

nobody at svn.erp5.org nobody at svn.erp5.org
Fri Apr 17 16:05:20 CEST 2009 

Author: seb
Date: Fri Apr 17 16:05:18 2009
New Revision: 26481

URL: http://svn.erp5.org?rev=26481&view=rev
Log:
2009-04-17 Seb
* Fixed some security issue related to portal_membership

Modified:
    erp5/trunk/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.xml
    erp5/trunk/bt5/erp5_project/bt/revision

Modified: erp5/trunk/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.xml
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.xml?rev=26481&r1=26480&r2=26481&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.xml [utf8] (original)
+++ erp5/trunk/bt5/erp5_project/SkinTemplateItem/portal_skins/erp5_project/TaskReport_copyOrderPropertiesAndNotifyAssignee.xml [utf8] Fri Apr 17 16:05:18 2009
@@ -94,8 +94,7 @@
      and destination_decision_person is not None \\\n
      and destination_decision_person.getDefaultEmailText() \\\n
      and destination_decision_person.getReference():\n
-  source_user = portal.portal_membership.getMemberById(source_person.getReference())\n
-  if source_user is not None:\n
+  if len(portal.acl_users.erp5_users.getUserByLogin(source_person.getReference())):\n
     message = """A new task has been assigned to you by %(assignor)s.\n
 \n
 This task is named: %(title)s\n
@@ -191,7 +190,7 @@
                             <string>related_order</string>
                             <string>source_person</string>
                             <string>destination_decision_person</string>
-                            <string>source_user</string>
+                            <string>len</string>
                             <string>message</string>
                             <string>confirm_tag</string>
                           </tuple>

Modified: erp5/trunk/bt5/erp5_project/bt/revision
URL: http://svn.erp5.org/erp5/trunk/bt5/erp5_project/bt/revision?rev=26481&r1=26480&r2=26481&view=diff
==============================================================================
--- erp5/trunk/bt5/erp5_project/bt/revision [utf8] (original)
+++ erp5/trunk/bt5/erp5_project/bt/revision [utf8] Fri Apr 17 16:05:18 2009
@@ -1,1 +1,1 @@
-630
+631

More information about the Erp5-report mailing list