Application Controller methods exposed as actions

Bráulio Bhavamitra braulio at eita.org.br
Thu Aug 15 10:57:27 BRT 2013


Hum, for that to be really fixed all helper classes must have a
protected before all their method declarations.

http://www.treibstofff.de/2009/08/07/ruby-visibility-of-private-and-protected-module-methods-when-mixed-into-a-class/

best regards,
bráulio

On Thu, Aug 8, 2013 at 5:30 PM, Rodrigo Souto <rodrigo at colivre.coop.br> wrote:
> Hey Bráulio,
>
> I think this is a good thing to do, but on your last commit lots of
> tests were broken by your fix so I just reverted the changes since I
> didn't have the time to investigate the problems. If you (or anybody) do
> it (this time with no tests broken), I'll include it happily.
>
> Bráulio Bhavamitra wrote this:
>> Hello Noosfero developers,
>>
>> There is a problem that every time I see it I get worried about, as it might
>> have security implications. I've already submitted a merge request that
>> fixed it, but the fix was removed after the merge.
>>
>> The problem is that the methods in ApplicationController are not declared
>> as protected (or private) so they become actions for all other controllers.
>>
>> http://noosfero.org/Development/ActionItem2472
>>
>> The fix is simple, just add one line: put the protected keyword at the
>> beginning of application_controller, as it is an abstract controller.
>>
>> best regards,
>> bráulio
>>
>> --
>> "Fight for your ideology. Be one with your ideology. Live for your
>> ideology. Die for your ideology" P.R. Sarkar
>>
>> EITA - Educação, Informação e Tecnologias para Autogestão
>> http://cirandas.net/brauliobo
>> http://eita.org.br
>
>> _______________________________________________
>> Noosfero-dev mailing list
>> Noosfero-dev at listas.softwarelivre.org
>> http://listas.softwarelivre.org/cgi-bin/mailman/listinfo/noosfero-dev
>
>
> --
> Rodrigo Souto <rodrigo at colivre.coop.br> :: 55 71 8131-7714
> Colivre - Cooperativa de Tecnologias Livres
> http://www.colivre.coop.br/



-- 
"Fight for your ideology. Be one with your ideology. Live for your
ideology. Die for your ideology" P.R. Sarkar

EITA - Educação, Informação e Tecnologias para Autogestão
http://cirandas.net/brauliobo
http://eita.org.br
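
The point raised in this message, that a `protected` line at the top of the base controller does not cover methods mixed in from helper modules, shown as an added example in plain Ruby (not part of the original e-mail and not Noosfero code). All class, module and method names are hypothetical, and `exposed_actions` is a simplified model of how a framework treats public controller methods as actions.

```ruby
# Constructed stand-ins; no Rails required. All names are hypothetical.
module AuthHelper                        # helper mixed into the base controller
  def current_user_token; "secret"; end  # public inside the module
end

module SafeHelper
  protected                              # visibility declared in the module itself
  def render_access_denied; :denied; end
end

class BaseController                     # stands in for ApplicationController
  protected                              # the one-line fix from the thread
  include AuthHelper                     # mixed-in methods keep their own visibility
  include SafeHelper
  def check_ssl; :ok; end                # defined after `protected`: not public
end

class ProfileController < BaseController
  def index; :index; end                 # the only intended action
end

# Simplified model of action lookup: every public instance method reachable
# on the controller, minus what every Ruby object has, is treated as routable.
def exposed_actions(controller)
  (controller.public_instance_methods(true) - Object.public_instance_methods).sort
end

# Exposed methods that the concrete controller did not define itself.
def leaked_actions(controller)
  exposed_actions(controller) - controller.public_instance_methods(false)
end

if __FILE__ == $0
  puts "exposed: #{exposed_actions(ProfileController).inspect}"
  puts "leaked:  #{leaked_actions(ProfileController).inspect}"
end
```

In a Rails application the real list for a controller comes from its `action_methods` class method, which can be checked the same way in a test.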

