Skip to content
This repository has been archived by the owner on Aug 22, 2019. It is now read-only.

Check to make sure user owns group in displayer API #459

Merged
merged 4 commits into from
Nov 30, 2012
Merged

Check to make sure user owns group in displayer API #459

merged 4 commits into from
Nov 30, 2012

Conversation

brianloveswords
Copy link
Contributor

Issue #420

In the displayer API, we were neglecting to check if the group actually
belonged to the specified user. While this isn't necessarily a security
hole – groups would still have to be marked as public to be shown – it
was certainly less than ideal.

@brianloveswords
Ensure group being pulled belongs to user.
33ccaac 
In the displayer API, we were neglecting to check if the group actually
belonged to the specified user. While this isn't necessarily a security
hole   groups would still have to be marked as public to be shown   it
was certainly less than ideal.
@brianloveswords
Remove some debugging statements.
ad6ab7a
@brianloveswords
Fix conmock for express 3.x
dbe7c4b
@brianloveswords
Copy link
Contributor Author

@stenington to review (if possible). If you can't get to it by Friday, I'll just merge it.

@brianloveswords
Copy link
Contributor Author

IT'S HAPPENING

brianloveswords added a commit that referenced this pull request Nov 30, 2012
@brianloveswords
Merge pull request #459 from brianloveswords/420-unchecked-rest-param
b453cba 
Check to make sure user owns group in displayer API [closes #420]
@brianloveswords brianloveswords merged commit b453cba into mozilla:development Nov 30, 2012
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@brianloveswords