roller-commits mailing list archives

From "Glen Mazza (JIRA)" <>
Subject [jira] [Resolved] (ROL-1983) Only expose AJAX User List Servlet to admin users
Date Wed, 19 Feb 2014 12:07:20 GMT


Glen Mazza resolved ROL-1983.

    Resolution: Fixed

Fixed again in 5.0.4.

> Only expose AJAX User List Servlet to admin users
> -------------------------------------------------
>                 Key: ROL-1983
>                 URL:
>             Project: Apache Roller
>          Issue Type: Task
>          Components: User Management
>    Affects Versions: 5.1, 5.0.3
>            Reporter: Glen Mazza
>            Assignee: Glen Mazza
>             Fix For: 5.1, 5.0.4
> For some reason the Roller user list is presently implemented via a servlet, allowing the list of blog users and email addresses to be publicly accessible for those accessing the URL.  Goal here is to shut off the servlet and use a traditional Struts/JPA method of listing the users on the page, perhaps similar to our blog entry listing screen.
> UPDATE: there's nothing wrong with using a Servlet for this AJAX operation, but we should only expose the Servlet to those who are logged into Roller as site admins.

This message was sent by Atlassian JIRA
