Forum OpenACS Development: Re: ETP Subnavbar Application commited

Collapse
7: Re: ETP Subnavbar Application commited (response to 6)
Posted by Jade Rubick on 02/02/04 07:37 PM
Can someone commit to fixing this? This is a security hole, and even though I'm very happy about the new functionality, I think this is a security problem big enough that I would call it a blocking security bug. I wouldn't choose to deploy this on my own site, unless I have the option of turning it off (and by default it should be off I think)
Collapse
8: Re: ETP Subnavbar Application commited (response to 7)
Posted by Malte Sussdorff on 02/03/04 12:23 AM
Shall the parameter be Application, ETP or subsite-wide? If you say application specific, then I will upload a new subnavbar without <include> functionality. If you say ETP wide, I would ammend all the current ETP applications to make use of that parameter. And last but not least, if we make it subsite-wide, I would be looking into adding this to the weblogger (if it could be done easily). Someone else might then go off and add it either to the richtext widget or create a new widget type or manually edit this in each package.