Application Controller methods exposed as actions

Bráulio Bhavamitra braulio at eita.org.br
Fri Aug 2 14:58:49 BRT 2013


Hello Noosfero developers,

There is a problem that I get worried about every time I see it, as it might
have security implications. I've already submitted a merge request that
fixed it, but the fix was removed after the merge.

The problem is that the methods in ApplicationController are not declared
as protected (or private) so they become actions for all other controllers.

http://noosfero.org/Development/ActionItem2472

The fix is simple, just add one line: put the protected keyword at the
beginning of application_controller, as it is an abstract controller.

best regards,
bráulio

-- 
"Fight for your ideology. Be one with your ideology. Live for your
ideology. Die for your ideology" P.R. Sarkar

EITA - Educação, Informação e Tecnologias para Autogestão
http://cirandas.net/brauliobo
http://eita.org.br
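
The exposure described in the message above, as an added example that is not part of the original post or of Noosfero's code: a plain-Ruby model of how Rails derives a controller's actions (public instance methods not defined by the framework base), run over an abstract controller with and without `protected`. `FrameworkBase`, the controller classes and the helper names are hypothetical stand-ins.

```ruby
require 'set'

# Stand-in for ActionController::Base (assumption: as in Rails, the
# framework's own public methods are excluded from the action list).
class FrameworkBase
  # Simplified model of action lookup: every public instance method,
  # inherited ones included, that does not come from the framework base.
  def self.action_methods
    (public_instance_methods(true) - FrameworkBase.public_instance_methods(true))
      .map(&:to_s).to_set
  end

  # Actions a controller picks up from its ancestors instead of defining.
  def self.inherited_actions
    action_methods - public_instance_methods(false).map(&:to_s)
  end
end

# Before: helpers left public in the abstract controller (hypothetical names).
class OpenApplicationController < FrameworkBase
  def current_user_from_session; :user; end
  def switch_environment; :switched; end
end

# After: the one-line fix from the message, `protected` at the top.
class ClosedApplicationController < FrameworkBase
  protected

  def current_user_from_session; :user; end
  def switch_environment; :switched; end
end

class OpenProfileController < OpenApplicationController
  def index; current_user_from_session; end
end

class ClosedProfileController < ClosedApplicationController
  # Protected helpers stay callable from inside the subclass's own actions.
  def index; current_user_from_session; end
end

if __FILE__ == $PROGRAM_NAME
  [OpenProfileController, ClosedProfileController].each do |c|
    puts "#{c}: inherited actions = #{c.inherited_actions.to_a.sort.inspect}"
  end
end
```

Running `inherited_actions` over every concrete controller and failing the build when the result is non-empty keeps the fix from being dropped again in a later merge.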


More information about the Noosfero-dev mailing list