3
# User Thomas Waldmann <tw AT waldmann-edv DOT de>
4
# Date 1189529365 -7200
5
# Node ID c8a7086b20c3d523a4331693713515c1dd85d928
6
# Parent c99dd42f2c666bc794640a0d69de259e19ac72cc
7
respect ACLs when sending <link rel=Appendix ...> for attachments
9
--- a/MoinMoin/wikiutil.py Tue Sep 11 18:31:36 2007 +0200
10
+++ b/MoinMoin/wikiutil.py Tue Sep 11 18:49:25 2007 +0200
11
@@ -1360,7 +1360,9 @@ def send_title(request, text, **keywords
12
request.write(''.join(output))
16
+ # XXX maybe this should be removed completely. moin emits all attachments as <link rel="Appendix" ...>
17
+ # and it is at least questionable if this fits into the original intent of rel="Appendix".
18
+ if pagename and request.user.may.read(pagename):
19
from MoinMoin.action import AttachFile
20
AttachFile.send_link_rel(request, pagename)
22
--- a/docs/CHANGES Tue Sep 11 18:31:36 2007 +0200
23
+++ b/docs/CHANGES Tue Sep 11 18:49:25 2007 +0200
24
@@ -33,9 +33,10 @@ Version 1.5.current:
25
* AttachFile overwrite mode (introduced in 1.5.7) did not check delete
26
rights, but only write rights. Now it checks that the user has write AND
27
delete rights before overwriting a file.
28
+ * GetVal respects now ACLs on the Dict page
29
+ * Respect ACLs when sending <link rel="Appendix" ...> for attachments.
30
* Fixed potential XSS issues related to feeding of gui editor.
31
* Fixed XSS issue in RenamePage/DeletePage action.
32
- * GetVal respects now ACLs on the Dict page