rss-subscr-ae.tcl

Create or edit an RSS feed generation request. Technically we only need to require either subscr_id or folder_id. When subscr_id is passed in, any passed-in folder_id will get overwritten by the select query. This provides a safeguard against url surgery. Security: OpenACS ensures that the user has admin permission on this package instance. However, we can't trust the incoming subscription_id or folder_id. RSS feed requests (subscrs) are placed in the permission context of the folder being summarizing, so permission checks can be done against either the folder_id or subscr_id.

Location:

/packages/file-storage/www/admin/rss-subscr-ae.tcl

Related Files

• packages/file-storage/www/admin/rss-subscr-ae.xql
• packages/file-storage/www/admin/rss-subscr-ae.tcl
• packages/file-storage/www/admin/rss-subscr-ae.adp
• packages/file-storage/www/admin/rss-subscr-ae-postgresql.xql
• packages/file-storage/www/admin/rss-subscr-ae-oracle.xql

[ show source ]