[MAGNOLIA-1536] Security holes in DefaultHierarchyManager and Content class Created: 17/May/07  Updated: 23/Jan/13  Resolved: 15/Nov/07

Status: Closed
Project: Magnolia
Component/s: core
Affects Version/s: 3.1 M1
Fix Version/s: 3.5 RC1

Type: Bug Priority: Blocker
Reporter: Sameer Charles Assignee: Jan Haderka
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relation
is related to MAGNOLIA-1921 Impossibility to change Dates Closed
is related to MAGNOLIA-1954 dialogs: not able to unset any value ... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   
  • DefaultHierarchyManager.delete(String path) does not check for any permissions
  • Content.deleteNodeData(String name) does not check for Permission.REMOVE


 Comments   
Comment by Jan Haderka [ 15/Nov/07 ]

Added check for permission REMOVE to both affected places.

Generated at Mon Feb 12 03:27:51 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.