Changeset ca5bc0 in indico

Timestamp:

09/14/09 19:43:10 (4 years ago)

Author:

Jose Benito <jose.benito.gonzalez@…>

Branches:

master, burotel, hello-world-walkthrough, ipv6, new-webex, prov-dual-interface, v0.97-series, v0.98-series, v0.98.2, v0.98.3, v0.98b1, v0.98b2, v0.99, b8c30da8ebdbdcbd675a873997cc3e95f567de49, 4287315ec967a3da168d83963c14001db8487d53

Children:

148629

Parents:

1d78ae

git-author:

Jose Benito <jose.benito.gonzalez@…> (09/03/09 15:03:42)

git-committer:

Jose Benito <jose.benito.gonzalez@…> (09/14/09 19:43:10)

Message:

[FIXED] Security problem in room booking form

users who knew the URL could access the form to book a room.

File:

• indico/MaKaC/webinterface/rh/roomBooking.py (modified) (1 diff)

indico/MaKaC/webinterface/rh/roomBooking.py

@@ -1035 +1035 @@
             raise MaKaCError( "You are not authorized to book this room." )
         
+        if not self._candResv.room.canBook( self._getUser() ) and not self._candResv.room.canPrebook( self._getUser() ):
+            raise MaKaCError( "You are not authorized to book this room." )
+
         if self._formMode == FormMode.MODIF:
             if not self._candResv.canModify( self.getAW() ):