Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Critical
Fix Version/s: 2.5 M2
Affects Version/s: 1.0 B5
Component/s: {Unused} Authentication and Rights Management, {Unused} Core
Labels:
None
Environment:
all

keywords:
security context panels
Development Priority:
High
Similar issues:

Description

Panels and menus are executed in the context of the main document. This raises a security problem.

Scenario:
1) a user with edit rights but no programming rights adds some Groovy code into a panel
2) the user then browses a document whose last author has programming rights

Then the Groovy code inserted in 1) is executed, whereas it should not since the author has no programming rights.

Attachments

Activity

People

Assignee:: CalebJamesDeLisle

Reporter:: slauriere

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 19/Mar/07 15:55

Updated:: 02/Dec/22 10:55

Resolved:: 20/Sep/10 12:17

Date of First Response:: 19/Mar/07 9:23 PM