+1 On Wed, Jul 4, 2012 at 11:47 AM, Eduard Moraru <[email protected]> wrote:
> Ok, +1 then :) > > Thanks, > Eduard > > On Wed, Jul 4, 2012 at 12:41 PM, Thomas Mortagne > <[email protected]>wrote: > > > On Wed, Jul 4, 2012 at 11:24 AM, Eduard Moraru <[email protected]> > > wrote: > > > Hi Thomas, > > > > > > Was going to +1 this, but then a question popped up... > > > > > > Does this mean that an admin (with no PR) could craft and import a xar > > that > > > contains a macro with document author xwiki:XWiki.Admin and that macro > > will > > > be registered and get PR, thus being able to inject code that will > > execute > > > with PR? > > > > You can't import a XAR in backup mode (keeping the author of the XAR) > > if you don't have PR. > > > > Otherwise you would not need to do something that complex, you can > > simply import a page with some groovy script in it and give it a PR > > user as author in the XAR. And again the author of the wiki macro is > > already what is used at init time so I'm not really proposing anything > > new here. > > > > > > > > Thanks, > > > Eduard > > > > > > On Wed, Jul 4, 2012 at 11:23 AM, Thomas Mortagne > > > <[email protected]>wrote: > > > > > >> Hi devs, > > >> > > >> Currently the wiki macro is looking at context user when a wiki macro > > >> is modified. This is causing a lot of complexity and misunderstanding > > >> so I would like to change that to look at document author instead. > > >> > > >> * all we at at startup is document author anyway so if you restart > > >> that what XWiki will look at to register the macro so I don't see the > > >> point in not doing the same thing at runtime > > >> * context user makes more complex to make sure wiki macro are properly > > >> registered in background thread like clustering > > >> (http://jira.xwiki.org/browse/XWIKI-7318) and extension manager jobs > > >> (http://jira.xwiki.org/browse/XWIKI-8004) > > >> > > >> WDYT ? > > >> > > >> Here is my +1 > > >> > > >> -- > > >> Thomas Mortagne > > >> _______________________________________________ > > >> devs mailing list > > >> [email protected] > > >> http://lists.xwiki.org/mailman/listinfo/devs > > >> > > > _______________________________________________ > > > devs mailing list > > > [email protected] > > > http://lists.xwiki.org/mailman/listinfo/devs > > > > > > > > -- > > Thomas Mortagne > > _______________________________________________ > > devs mailing list > > [email protected] > > http://lists.xwiki.org/mailman/listinfo/devs > > > _______________________________________________ > devs mailing list > [email protected] > http://lists.xwiki.org/mailman/listinfo/devs > -- Denis Gervalle SOFTEC sa - CEO eGuilde sarl - CTO _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
