On Fri, Dec 17, 2010 at 9:12 AM, Jacques Le Roux < [email protected]> wrote:
> Hi, > > I wonder about this in ajaxAutocompleteOptions screen > framework/common/widget/CommonScreens.xml > <<FindAutocompleteOptions.groovy FIXME: Disabled because it represents a > security hole.>> > > Should we care about it, or simply remove the commentted out snippet? > > Thanks > > Jacques > > You can remove the comment without worries. It applies to the old version of the FindAutocompleteOptions.groovy where entityName was retrieved from parameters, thus allowing users to query any entity. Bilgin
