antville/antville
antville/antville
1
1
Fork 0
Code Issues 48 Pull requests 9 Projects Releases 9 Wiki Activity Actions

* Fixed security issue caused by sensitive property in req.data

Browse source 
* Fixed issue caused by setting a Metadata property to a Java value, e.g. java.net.URL instance becomes string without quotes. (Could this be a Rhino bug?)
 * Finalized conversion of AV_USER table to simple naming scheme ("user")
 * Added global getTitle() method which returns either site.title or root.sys_title
 * Implemented universal HopObject.value() method
 * Rededicated User.update() method since its previous functionality is now taken over by User.value()
 * Restructured login and register functionalities in User and MemberMgr
 * Replaced first occurrences of Exception with Error
 * Introduced i18n via gettext in User and MemberMgr
 * Removed getMessage() and Message in User and MemberMgr
 * Added first possible implementation of global getPermission() method
 * Modified code of global evalEmail() and evalURL() methods to work with Helma modules
 * Simplified global sendMail() method by not throwing any MailException anymore and returning the status code only
 * sendMail() now is using helma.Mail (so we can debug message output)
This commit is contained in:
Tobi Schäfer 2007-08-23 17:17:40 +00:00
parent 7d21e881e3
commit e9a7800a87
24 changed files with 401 additions and 436 deletions
Download patch file Download diff file Expand all files Collapse all files

10
code/Site/Site.js
View file

@ -299,7 +299,7 @@ Site.prototype.mostread_action = function() {
Site.prototype.referrers_action = function() {
if (req.data.permanent && session.user) {
try {
this.checkEdit(session.user, req.data.memberlevel);
this.checkEdit(session.user, res.data.memberlevel);
} catch (err) {
res.message = err.toString();
res.redirect(this.href());
@ -716,11 +716,11 @@ Site.prototype.navigation_macro = function(param) {
case "contributors" :
if (session.user.sysadmin ||
this.preferences.get("usercontrib") ||
req.data.memberlevel >= CONTRIBUTOR)
res.data.memberlevel >= CONTRIBUTOR)
this.renderSkin("contribnavigation");
break;
case "admins" :
if (session.user.sysadmin || req.data.memberlevel >= ADMIN)
if (session.user.sysadmin || res.data.memberlevel >= ADMIN)
this.renderSkin("adminnavigation");
break;
}
@ -864,7 +864,7 @@ Site.prototype.age_macro = function(param) {
*/
Site.prototype.history_macro = function(param) {
try {
this.checkView(session.user, req.data.memberlevel);
this.checkView(session.user, res.data.memberlevel);
} catch (deny) {
return;
}
@ -1111,7 +1111,7 @@ Site.prototype.switch_macro = function(param) {
try {
// FIXME: unfortunately, the check* methods are
// not very handy, anymore... (need try/catch block)
this.checkEdit(session.user, req.data.memberlevel);
this.checkEdit(session.user, res.data.memberlevel);
res.write(param.on);
} catch (err) {
res.write(param.off);