+1 for these changes, on trunk only.
Artem Melentyev wrote:
> Hi, devs.
>
> While reviewing our attachment archive implementation I found following
> methods in com.xpn.xwiki.api.Attachment:
>
> /**
> * @return the rcs archive of the attachement
> */
> public Archive getArchive() {
> return attachment.getArchive();
> }
>
> It returns unwrapped JRCS archive which Has modify methods.
> So user can change attachment archive without proper rights.
>
> Also there are public archive-specific methods in api.Attachment such as
> getVersions, getAttachmentRevision.
> So I found no usecases of getArchive method.
>
> This method can be replaced by api.Attachment.getAttachment().getArchive()
> with checking programming right.
>
> next method:
>
> public XWikiAttachment getAttachmentRevision(String rev) throws
> XWikiException
> {
> return attachment.getAttachmentRevision(rev, getXWikiContext());
> }
>
> returns unwrapped XWikiAttachment, but should return api.Attachment.
>
>
> So i propose to delete api.Attachment#getArchive() and modify
> getAttachmentRevision to return Attachment.
> Another question: is this fix needed for 1.3 brunch?
>
> Here is my +1 for fix it in trunk.
>
--
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
