openerp-india team mailing list archive
-
openerp-india team
-
Mailing list archive
-
Message #23769
[Bug 1130712] [NEW] Anonymous user can DELETE filters when debug GET parameter is activated
*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
When the public portal functionality is activated, the anonymous user
can CREATE/DELETE defined filters from the system.
How to reproduce:
1. Activate the public portal functionality
2. specify the debug GET parameter on the url
3. in the debug menu, click 'Manage filters'
4. clear the automatically applied filters (all filters are shown)
5. Select any of the filters and delete it.
Expected behaviour: No display of filters at all.
** Affects: openobject-server
Importance: Undecided
Status: New
--
Anonymous user can DELETE filters when debug GET parameter is activated
https://bugs.launchpad.net/bugs/1130712
You received this bug notification because you are a member of OpenERP Indian Team, which is subscribed to OpenERP Server.