Protect important velocity variables by making them readonly
------------------------------------------------------------

                 Key: XWIKI-1724
                 URL: http://jira.xwiki.org/jira/browse/XWIKI-1724
             Project: XWiki Platform
          Issue Type: New Feature
          Components: Core, Scripting - Velocity
            Reporter: Sergiu Dumitriu


We shouldn't allow user code to overwrite important variables, like $*doc, 
$context, $xwiki, $request, $response. This can be done using the notification 
mechanism provided by Velocity, which allows intercepting any variable 
assignment.

This is important because portions of code that make use of programming rights 
might alter the wrong document if $doc were changed, for example.

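A sketch of the protection requested above, as an added example that is not XWiki's code. It swaps in a different technique from the notification mechanism the issue mentions: a VelocityContext subclass that refuses to rebind protected names. GuardedContext, seal() and the sample template are hypothetical, and the Velocity engine jar is assumed to be on the classpath.

```java
import java.io.StringWriter;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.Velocity;

public class ReadOnlyBindingsDemo {
    /** Hypothetical context that refuses to rebind protected names once sealed. */
    static class GuardedContext extends VelocityContext {
        private final Set<String> protectedNames;
        private boolean sealed;

        GuardedContext(String... names) {
            protectedNames = new HashSet<String>(Arrays.asList(names));
        }

        /** Call after the trusted setup code has bound the real objects. */
        void seal() { sealed = true; }

        // #set($name = ...) ends up in Context.put(), which delegates here.
        @Override
        public Object internalPut(String key, Object value) {
            if (sealed && protectedNames.contains(key)) {
                System.err.println("blocked overwrite of $" + key);
                return internalGet(key); // keep the trusted binding in place
            }
            return super.internalPut(key, value);
        }
    }

    public static void main(String[] args) throws Exception {
        Velocity.init();
        GuardedContext ctx =
            new GuardedContext("doc", "context", "xwiki", "request", "response");
        ctx.put("doc", "Main.WebHome"); // constructed stand-in for the document object
        ctx.seal();

        // Constructed user template: tries to swap $doc before privileged code runs.
        String userCode =
            "#set($doc = 'XWiki.XWikiPreferences')#set($x = 1)doc=$doc x=$x";
        StringWriter out = new StringWriter();
        Velocity.evaluate(ctx, out, "demo", userCode);
        System.out.println(out); // $doc still renders the trusted value; $x is set
    }
}
```

This guards only the name binding: methods on the object bound to a protected name can still be called, so it does not make the object itself immutable.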
