Permissions are ignored for @handler
Bug #705860 reported by
Max Rabkin
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ibid |
Fix Released
|
Critical
|
Max Rabkin |
Bug Description
If a handler has no "pattern" attribute, it will be called even if this is not authorised.
This is probably not exploitable for great evil at the moment; the only processor affected is Invited. Feel free to mark as not-a-vulnerability if you agree.
Related branches
lp:~max-rabkin/ibid/perms-705860
- Stefano Rivera: Approve
- marcog (community): Approve
-
Diff: 32 lines (+9/-6)1 file modifiedibid/plugins/__init__.py (+9/-6)
- Stefano Rivera: Approve
- marcog (community): Approve
-
Diff: 32 lines (+9/-6)1 file modifiedibid/plugins/__init__.py (+9/-6)
Changed in ibid: | |
status: | New → In Progress |
visibility: | private → public |
Changed in ibid: | |
status: | In Progress → Fix Committed |
Changed in ibid: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.