www_editSave needs permission checks to prevent extra assets from being added by unprivileged users. Partial fix for #12068.
This commit is contained in:
Colin Kuskie
parent
78d27ad031
commit
efcc4fe1a7
2 changed files with 9 additions and 1 deletions
|
|
@ -8,6 +8,7 @@
|
|||
- fixed #12061: TimeField form plugin doesn't work with all names.
|
||||
- fixed #12055: Thingy pagination breaks after editing data
|
||||
- fixed #12066: Thingy CSV export overrides ExportHTML
|
||||
- fixed #12068: www_editSave not strict enough in permission checks
|
||||
|
||||
7.10.10
|
||||
- fixed #12035: Story Manager - make keywords from Story view work
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue