Application Controller methods exposed as actions
Rodrigo Souto
rodrigo at colivre.coop.br
Thu Aug 8 17:30:40 BRT 2013
Hey Bráulio,
I think this is a good thing to do, but on your last commit lots of
tests were broken by your fix so I just reverted the changes since I
didn't had the time to investigate the problems. If you (or anybody) do
it (this time with no tests broken), I'll included it happily.
Bráulio Bhavamitra escreveu isso ai:
> Hello Noosfero developers,
>
> There is a problem that everytime I see I get worried about it, as it might
> have security implications. I've already submitted a merge request that
> fixed it, but fix was removed after the merge.
>
> The problem is that the methods in ApplicationController are not declared
> as protected (or private) so they become actions for all other controllers.
>
> http://noosfero.org/Development/ActionItem2472
>
> The fix is simples, just add one line: put protected keyword in the
> beggining of application_controller, as it is an abstract controller.
>
> best regards,
> bráulio
>
> --
> "Lute pela sua ideologia. Seja um com sua ideologia. Viva pela sua
> ideologia. Morra por sua ideologia" P.R. Sarkar
>
> EITA - Educação, Informação e Tecnologias para Autogestão
> http://cirandas.net/brauliobo
> http://eita.org.br
> _______________________________________________
> Noosfero-dev mailing list
> Noosfero-dev at listas.softwarelivre.org
> http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev
--
Rodrigo Souto <rodrigo at colivre.coop.br> :: 55 71 8131-7714
Colivre - Cooperativa de Tecnologias Livres
http://www.colivre.coop.br/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20130808/9690adfd/attachment.pgp>
More information about the Noosfero-dev
mailing list