[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cgit
Subject:    [PATCH 1/4] snapshots: Don't allow sneaked in snapshots requests
From:       cgit () cryptocrack ! de (Lukas Fleischer)
Date:       2014-02-02 14:49:17
Message-ID: 20140202144917.16353.17590 () typhoon ! lan
[Download RAW message or body]

On Sat, 01 Feb 2014 at 15:54:22, Sebastian Andrzej Siewior wrote:
> On 18.01.14, Sebastian Andrzej Siewior wrote:
> > If the snapshots are not enabled then the frontend won't show a link to it.
> > The skilled user however may construct the URL on his own and the frontend
> > will obey the request.
> > This patch adds a check for this case so the requst won't be served.
> 
> Any comments on this one?
> 

While I like this idea [1], I think that Jason is reluctant to add this
"fix" [2]. I am putting "fix" in quotes because being able to access
"disabled" snapshots is documented since commit 70546a3 (cgitrc.5.txt:
Fix documentation of the snapshot mask, 2014-01-13) [3].

> Sebastian
> _______________________________________________
> CGit mailing list
> CGit at lists.zx2c4.com
> http://lists.zx2c4.com/mailman/listinfo/cgit

[1] http://lists.zx2c4.com/pipermail/cgit/2014-January/001692.html
[2] http://lists.zx2c4.com/pipermail/cgit/2012-October/000792.html
[2] http://git.zx2c4.com/cgit/commit/?id=70546a34583923a73da6fb89c2efb85801294dc1

[prev in list] [next in list] [prev in thread] [next in thread]