https://bugzilla.wikimedia.org/show_bug.cgi?id=53068
Web browser: ---
Bug ID: 53068
Summary: Permissions info should not be stored in JSON
Product: MediaWiki extensions
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Annotator
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Classification: Unclassified
Mobile Platform: ---
Although "user" is treated correctly, the "permissions" object is currently
written and returned directly from the JSON.
It should also be stripped on create/update, and generated from the user column
in populateAnnotation. This is for security reasons; as is the owner of the
annotation can e.g. give update and admin rights to anyone.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
