oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed: Security issue in CS RSS feeds

Browse source
This commit is contained in:
Doug Bell 2008-06-13 20:16:48 +00:00
parent 10060cb06c
commit ea3d3e9e9c
2 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/changelog/7.x.x.txt
View file

@ -3,6 +3,7 @@
- fixed: Product Variants not saving SKU
- fixed: Shop Payment Methods
- fixed: Syndicated Content asset makes template engine choke
- fixed: Security issue in CS RSS feeds
- fixed: Asset Manager breaks when an asset is locked
- fixed: Asset Manager is slow to load
- fixed: project management application unable to add or edit tasks.

1
lib/WebGUI/Asset/RSSFromParent.pm
View file

@ -96,6 +96,7 @@ sub www_view {
my $self = shift;
return '' unless $self->session->asset->getId eq $self->getId;
return '' unless $self->getParent->isa('WebGUI::Asset::RSSCapable');
return '' unless $self->getParent->canView; # Go to parent for auth
my $parent = $self->getParent;
my $template = WebGUI::Asset::Template->new($self->session, $parent->get('rssCapableRssTemplateId'));
$template->prepare;