Traversal and security
Bug #79778 reported by Marius Gedminas
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
SchoolTool | Won't Fix | Undecided | Unassigned | |
Bug Description
In the SchoolTool server only page rendering is protected, but URL traversal is
not. It should be.
In other words, if you try to browse /persons/manager in the web app, you will
get a login page, but if you browse to /persons/
not found error instead. You should get the login page in both cases.
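An added illustration of the behaviour reported above (not SchoolTool or Zope code, and not part of the original report): a toy dispatcher where the access check runs only at render time, beside one where it runs before traversal. The object tree, the function names and the path /persons/nosuchperson are constructed for the example, and it assumes every path in the tree requires login.

```python
# Constructed toy model: nested dicts stand in for the server's object tree.
TREE = {"persons": {"manager": "manager page"}}

LOGIN, NOT_FOUND, OK = "login page", "404 not found", "200 ok"


def traverse(path):
    """Walk the path through TREE; raise KeyError on a missing segment."""
    node = TREE
    for segment in path.strip("/").split("/"):
        if not isinstance(node, dict):
            raise KeyError(segment)
        node = node[segment]
    return node


def render_protected_only(path, authenticated):
    """Reported behaviour: traversal runs first, the check guards rendering only."""
    try:
        traverse(path)
    except KeyError:
        return NOT_FOUND  # answered before any access check happens
    if not authenticated:
        return LOGIN
    return OK


def traversal_protected(path, authenticated):
    """Requested behaviour: the check runs before any segment is resolved."""
    if not authenticated:
        return LOGIN  # same answer whether or not the object exists
    try:
        traverse(path)
    except KeyError:
        return NOT_FOUND
    return OK


def distinguishable(handler, paths):
    """True if an anonymous client gets different responses across the paths."""
    return len({handler(p, authenticated=False) for p in paths}) > 1


if __name__ == "__main__":
    # /persons/nosuchperson is a constructed path that does not exist in TREE.
    probes = ["/persons/manager", "/persons/nosuchperson"]
    for handler in (render_protected_only, traversal_protected):
        print(handler.__name__, [handler(p, False) for p in probes],
              "distinguishable:", distinguishable(handler, probes))
```

The `distinguishable` check is the regression test worth keeping: for an anonymous client, existing and missing paths should produce the same response.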
Changed in schooltool: status: In Progress → Confirmed
Changed in schooltool: importance: Medium → Undecided
Changed in schooltool: status: Confirmed → Won't Fix
This bug is still relevant in Zope 3-based SchoolBell.