inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
02928e266ad562e8fbbf98b3dc6c8ecabc3e1c71
alfresco-community-repo/source/test-java/org/alfresco/repo/web
History
Andrei Rebegea 02928e266a MNT-17427 : api/invite/cancel deletes records in the database with a GET: CSRF/XSS attack 
- delete the script/org/alfresco/repository/invite/invite.get
   - use the alternatives: script/org/alfresco/repository/site/invitation/invitation.post and script/org/alfresco/repository/site/invitation/invitation.delete
   - updating the tests
   - updating the controller for the invitation.delete to a java controller
   - fix test fallout (SiteServiceTest testInviteDisabledUser - expected error status code)
   - improve security by allowing only invitationIDs that belong the the site passed as parameter to be canceled
   - be consistent and return 404 when an invitationID can not be found

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@135255 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
2017-02-20 09:04:45 +00:00
..
scripts
MNT-17427 : api/invite/cancel deletes records in the database with a GET: CSRF/XSS attack
2017-02-20 09:04:45 +00:00
util
Merged 5.1.N (5.1.2) to 5.2.N (5.2.1)
2016-04-26 13:45:01 +00:00