#4166: [with patch; needs work] Separate resource for @interact
-------------------------+--------------------------------------------------
Reporter: itolkov | Owner: itolkov
Type: enhancement | Status: new
Priority: major | Milestone: sage-3.1.3
Component: interact | Resolution:
Keywords: |
-------------------------+--------------------------------------------------
Changes (by was):
* summary: [with patch; needs review] Separate resource for @interact =>
[with patch; needs work] Separate resource for
@interact
Comment:
Good, works, but has one problem, which is that it creates a serious
security vulnerability. It needs code like this or something like in the
Worksheet_eval Resource:
{{{
if owner != '_sage_':
if W.owner() != self.username and not (self.username in
W.collaborators()):
return InvalidPage(msg = "can't evaluate worksheet cells",
username = self.username\
)
}}}
Once this is resolved, it will get a positive review.
It might also be nice if there were a comment that explains why we are
creating this new resource. E.g., "make code cleaner"? "because it will
be needed later for something else
that is planned?"
--
Ticket URL: <http://trac.sagemath.org/sage_trac/ticket/4166#comment:2>
Sage <http://sagemath.org/>
Sage - Open Source Mathematical Software: Building the Car Instead of
Reinventing the Wheel
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"sage-trac" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/sage-trac?hl=en
-~----------~----~----~----~------~----~------~--~---
