Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-13476

Programming rights leaked through XWikiSkinFileOverrideClass templates

    XMLWordPrintable

Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • None
    • 7.1.4, 8.1
    • Old Core
    • Unknown

    Description

      If a document-skin makes use of XWikiSkinFileOverrideClass objects to override templates, and that skin is installed by a user with PR, then $xwiki.hasProgrammingRights() will say true, even though hasAccess('programming') says false.

      The cause is in InternalTemplateManager.

      A quick fix is to drop permissions in such templates, but this also disables valid programming rights.

      tmortagne Any ideas?

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-6058 Document.getRenderedContent() should be executed with the right of the document

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-6058 Document.getRenderedContent() should be executed with the right of the document

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              sdumitriu Sergiu Dumitriu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: