audrius/web
1
0
Fork 1
mirror of https://github.com/OCA/web.git synced 2025-02-22 13:21:25 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,440 Commits 15 Branches 0 Tags
d21c87f5250b24f3d1dd59df7c093aaa460e4015
Commit Graph

5 Commits

Author SHA1 Message Date
Guewen Baconnier
d21c87f525 Prevent to send web notifications to other users 
Only the admin user (sudo) is allowed to send notifications to other
users. The normal users can only send notifications to themselves.

This is to prevent attackers to craft malicious notifications and send
them to other users using RPC.

Correction based on the idea of @hbrunn
 2023-01-05 16:40:06 +01:00
Damien Bouvy
08e18cdf62 [MIG] web_notify: Migration to 11.0 
- Use the 'session' class of the JS Framework (session no lounger bound
to web client)
- Test change: compare emitted & received messages based on content, not
order. Using string comparison raises false positives.
 2023-01-05 16:40:06 +01:00
Serpent Consulting Services Pvt Ltd
1faa8a9cf9 Update web_client.js 2023-01-05 16:40:06 +01:00
Jay Vora(SerpentCS)
b18c6cf1c7 [MIG] Migration started web_notify 2023-01-05 16:40:06 +01:00
Pedro M. Baeza
0973b92ccf [MIG] Make modules uninstallable 2023-01-05 16:40:06 +01:00