Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-13742

Put back XWikiDocument#getRenderedContent(String) behavior and move the safeguard at Document level

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Major
    • 8.3
    • 8.3-rc-1
    • Old Core
    • None
    • Unit
    • Unknown
    • N/A
    • N/A

    Description

      Some Java side code might count on some content passed to XWikiDocument#getRenderedContent to be executed with the right of the document content author so it would be safer to move the security restriction introduced in XWIKI-5477 only at Document level.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-5477 It's possible to easily execute anything in the context of any document from public API

          • Major - Major loss of function.
          • Closed

          Activity

            People

              tmortagne Thomas Mortagne
              tmortagne Thomas Mortagne
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: