[
http://jira.xwiki.org/jira/browse/XWIKI-1724?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergiu Dumitriu updated XWIKI-1724:
-----------------------------------
Fix Version/s: Future
Assignee: Sergiu Dumitriu
> Protect important velocity variables by making them readonly
> ------------------------------------------------------------
>
> Key: XWIKI-1724
> URL: http://jira.xwiki.org/jira/browse/XWIKI-1724
> Project: XWiki Platform
> Issue Type: New Feature
> Components: Core, Scripting - Velocity
> Reporter: Sergiu Dumitriu
> Assigned To: Sergiu Dumitriu
> Fix For: Future
>
>
> We shouldn't allow user code to overwrite important variables, like $*doc,
> $context, $xwiki, $request, $response. This can be done using the
> notification mechanism provided by velocity, which allows to intercept any
> variable assignment.
> This is important because portions of code that make use of programming
> rights might alter the wrong document, if $doc would be changed, for example.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.xwiki.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
notifications mailing list
[email protected]
http://lists.xwiki.org/mailman/listinfo/notifications
