audrius/web
1
0
Fork 1
mirror of https://github.com/OCA/web.git synced 2025-02-22 13:21:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Prevent to send web notifications to other users

Browse Source 
Only the admin user (sudo) is allowed to send notifications to other
users. The normal users can only send notifications to themselves.

This is to prevent attackers to craft malicious notifications and send
them to other users using RPC.

Correction based on the idea of @hbrunn
This commit is contained in:
Guewen Baconnier
2018-10-08 10:04:36 +02:00
committed by David
parent 77c2b42351
commit d21c87f525
4 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web_notify/__manifest__.py
View File

@@ -5,7 +5,7 @@
'name': 'Web Notify',
'summary': """
Send notification messages to user""",
'version': '11.0.1.0.0',
'version': '11.0.1.1.0',
'description': 'Web Notify',
'license': 'AGPL-3',
'author': 'ACSONE SA/NV,Odoo Community Association (OCA)',