
WebComment: improve sanity checks

Authored by Jerome Caffaro <jerome.caffaro@cern.ch> on Feb 13 2012, 14:21.

Description

WebComment: improve sanity checks

  • When reporting, voting, or replying to a comment, or when accessing comment attachments, ensure that the comment belongs to the given record and is not deleted. (For example, this prevents malicious users from attempting to indirectly reach comments in restricted collections by URL mangling.)
  • Adds regression tests.
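As an added example (not code from this commit or from the project): the ownership-and-deletion check the description names, next to an assumed lookup that trusts the comment id alone. The data model, the function names and the `VIEWABLE_RECORDS` set are hypothetical, and the sample comments are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Comment:
    comid: int
    recid: int      # record the comment was posted on
    deleted: bool
    body: str

# Constructed sample data (hypothetical layout, not the project's schema).
COMMENTS = {
    1: Comment(1, recid=10, deleted=False, body="public remark"),
    2: Comment(2, recid=20, deleted=False, body="remark on a restricted record"),
    3: Comment(3, recid=10, deleted=True, body="removed by a moderator"),
}
# Records the requesting user may view; record 20 is in a restricted collection.
VIEWABLE_RECORDS = {10}

class CommentAccessError(Exception):
    """Raised when the (recid, comid) pair from the URL must not be served."""

def get_comment_unchecked(recid, comid):
    """Assumed 'before': authorizes the recid from the URL, then trusts comid alone."""
    if recid not in VIEWABLE_RECORDS:
        raise CommentAccessError("record not viewable")
    return COMMENTS[comid]

def get_comment_checked(recid, comid):
    """'After': the comment must exist, belong to recid, and not be deleted."""
    if recid not in VIEWABLE_RECORDS:
        raise CommentAccessError("record not viewable")
    comment = COMMENTS.get(comid)
    if comment is None or comment.recid != recid or comment.deleted:
        # One generic error for all three cases, so the response does not
        # reveal whether the comment id exists on some other record.
        raise CommentAccessError("comment not found for this record")
    return comment

def is_allowed(recid, comid):
    """True when the checked lookup would serve this (recid, comid) pair."""
    try:
        get_comment_checked(recid, comid)
        return True
    except CommentAccessError:
        return False
```

The same check applies to every entry point the description lists (report, vote, reply, attachment access), since each takes both identifiers from the URL.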

Details

Committed
Tibor Simko <tibor.simko@cern.ch> on Feb 13 2012, 14:25
Parents
R3600:db31e01cefa6: Merge branch 'maint-0.99' into maint-1.0

Event Timeline

Tibor Simko <tibor.simko@cern.ch> committed R3600:dbded6f661fc: WebComment: improve sanity checks (authored by Jerome Caffaro <jerome.caffaro@cern.ch>) on Feb 13 2012, 14:25.