wilsonge
28 Jan 2020

Summary of Changes

I missed that in the GSoC project we'd started to store state full-blown in the input object, which is obviously wrong. This changes it so we do webservices properly and build a state object to pass into the model. This is a moderate security fix to the unreleased webservices because potentially with this you can inject arbitrary state into the model directly from query parameters, which is obviously bad.

Testing Instructions

Affected webservices (e.g. categories) continue to function with no changes from before.

Documentation Changes Required

Yes when webservices are documented
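
The difference the description draws between state carried in the input object and a state object built for the model, as an added PHP sketch that is not Joomla's code or the code from this pull request. `ListModel`, both functions and the parameter names `search`, `limit` and `published` are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical model (PHP 8+): it trusts whatever state it is handed.
final class ListModel
{
    public function __construct(private array $state = []) {}

    public function getState(string $key, mixed $default = null): mixed
    {
        return $this->state[$key] ?? $default;
    }
}

// Before: the controller stores state in the request input and the model is
// filled from that same bag, so every query parameter becomes model state.
function modelFromInput(array $query): ListModel
{
    $input = $query;            // caller-controlled request data
    $input['limit'] = 20;       // value the controller meant to set
    return new ListModel($input);
}

// After: the controller builds a separate state array from an allow-list of
// query parameters, casts each value, and the model never sees raw input.
function modelFromState(array $query): ListModel
{
    $allowed = ['search' => 'string', 'limit' => 'int'];
    $state   = [];
    foreach ($allowed as $key => $type) {
        if (!isset($query[$key]) || !is_scalar($query[$key])) {
            continue;           // missing or array-valued parameter: skip
        }
        $state[$key] = $type === 'int'
            ? max(1, min(100, (int) $query[$key]))
            : substr((string) $query[$key], 0, 100);
    }
    return new ListModel($state);
}

// Constructed request: 'published' is a key the client should not control.
$query = ['search' => 'news', 'limit' => '5000', 'published' => '*'];

$before = modelFromInput($query);
$after  = modelFromState($query);
var_dump($before->getState('published', 1)); // query value passed through
var_dump($after->getState('published', 1));  // model default applies
var_dump($after->getState('limit'));         // clamped to the allowed range
```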

wilsonge - open - 28 Jan 2020
wilsonge - change - 28 Jan 2020
Status: New → Pending
joomla-cms-bot - change - 28 Jan 2020
Category: Libraries
wilsonge - change - 3 Feb 2020
Labels Added: ?
wilsonge - change - 3 Feb 2020
The description was changed
wilsonge - edited - 3 Feb 2020
wilsonge - change - 3 Feb 2020
Title: [WIP] Set data directly into state rather than faking a proxy into the input → Set data directly into state rather than faking a proxy into the input
wilsonge - edited - 3 Feb 2020
wilsonge - change - 3 Feb 2020
Title: Set data directly into state rather than faking a proxy into the input → [4.0] Set data directly into state rather than faking a proxy into the input
wilsonge - edited - 3 Feb 2020
wilsonge - change - 8 Feb 2020
Status: Pending → Fixed in Code Base
Closed_Date: 0000-00-00 00:00:00 → 2020-02-08 16:00:58
Closed_By: wilsonge
wilsonge - close - 8 Feb 2020
wilsonge - merge - 8 Feb 2020
wilsonge - change - 8 Feb 2020
The description was changed
wilsonge - edited - 8 Feb 2020
