[
https://issues.apache.org/jira/browse/RAVE-298?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jasha Joachimsthal updated RAVE-298:
------------------------------------
Fix Version/s: 0.5-INCUBATING
> Page manipulations are unchecked
> --------------------------------
>
> Key: RAVE-298
> URL: https://issues.apache.org/jira/browse/RAVE-298
> Project: Rave
> Issue Type: Bug
> Affects Versions: 0.4-INCUBATING
> Reporter: Jasha Joachimsthal
> Priority: Critical
> Fix For: 0.5-INCUBATING
>
>
> Currently it's possible to add/move/delete a widget on a page that does not
> belong to the logged in user by changing request parameters or the id in the
> url. Checks must be added to page and widget manipulations if the user that
> does the manipulations are performed by the owner.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
