On Mar 6, 2008, at 9:57 PM, Artem Melentyev wrote:
> Hi, devs.
>
> While reviewing our attachment archive implementation I found
> following
> methods in com.xpn.xwiki.api.Attachment:
>
> /**
> * @return the rcs archive of the attachement
> */
> public Archive getArchive() {
> return attachment.getArchive();
> }
>
> It returns unwrapped JRCS archive which Has modify methods.
> So user can change attachment archive without proper rights.
>
> Also there are public archive-specific methods in api.Attachment
> such as
> getVersions, getAttachmentRevision.
> So I found no usecases of getArchive method.
>
> This method can be replaced by
> api.Attachment.getAttachment().getArchive()
> with checking programming right.
>
> next method:
>
> public XWikiAttachment getAttachmentRevision(String rev) throws
> XWikiException
> {
> return attachment.getAttachmentRevision(rev, getXWikiContext());
> }
>
> returns unwrapped XWikiAttachment, but should return api.Attachment.
>
>
> So i propose to delete api.Attachment#getArchive() and modify
> getAttachmentRevision to return Attachment.
+1
> Another question: is this fix needed for 1.3 brunch?
for the brunch no, for the dinner maybe ;)
*chuckles*
No I think it's a bit too later for 1.3. We can decide later if we
want it for 1.3.1.
Thanks
-Vincent
_______________________________________________
devs mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/devs
