25 Feb
2006
25 Feb
'06
3 a.m.
Its easy enough to fix, but if any view layer depends on the extra
access, it will break. Is it ok to break people that are wrongly
depending on a security hole to get more access?
Something like wrapping the returned lists with a call to wrapDocs
would work:
private List wrapDocs(List docs)
{
List result = new ArrayList();
if (docs != null)
{
for (Iterator iter = result.iterator(); iter.hasNext();)
{
XWikiDocument doc = (XWikiDocument) iter.next();
Document wrappedDoc = new Document(doc, context);
result.add(wrappedDoc);
}
}
return result;
}
Matt
On Feb 24, 2006, at 8:50 PM, Ludovic Dubost wrote:
There is a bug in this API.. I have been notified of that one
recently.
We need to fix it
Ludovic
Matthew Conway a écrit :
Isn't it a potential security hole for
com.xpn.xwiki.api.XWiki.searchDocuments(*) to return a list of
XWikiDocument instead of wrapping them in a Document like the
other API methods do?
Matt
---------------------------------------------------------------------
---
--
You receive this message as a subscriber of the xwiki-
dev(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://
www.objectweb.org/wws
--
Ludovic Dubost
XPertNet: http://www.xpertnet.fr/
Blog: http://www.ludovic.org/blog/
XWiki: http://www.xwiki.com
Skype: ldubost AIM: nvludo Yahoo: ludovic
--
You receive this message as a subscriber of the xwiki-
dev(a)objectweb.org mailing list.
To unsubscribe: mailto:xwiki-dev-unsubscribe@objectweb.org
For general help: mailto:sympa@objectweb.org?subject=help
ObjectWeb mailing lists service home page: http://www.objectweb.org/
wws