Legacy issue tracker

You are currently viewing the legacy bug tracker for MediaGoblin. We have now switched to code hosting and issue tracking at SourceHut.

This legacy issue tracker remains available to allow us to reference old issues. If you find a ticket here which is still relevant, please feel free to continue the discussion. For new issues, please use SourceHut.

Context Navigation

← Previous Ticket
Next Ticket →

Opened 13 years ago

Last modified 12 years ago

#280 closed defect (FIXED)

One can post comments for non existent media

Reported by:	Elrond	Owned by:	Christopher Allan Webber
Priority:	major	Milestone:	0.1.0
Component:	programming	Keywords:
Cc:		Parent Tickets:

Description

media\_post\_comment blindly takes the media id from
matchdict['media'], which is just filled in from the POST URL. So
by faking up a POST URL one can add comments for non existent
media.

I *think* a simple ``get_user_media_entry`` decorator and a little
rewriting should do the trick.

Priority High: This can be used to fill the db with invisible
cruft!
Estimated Time 1.5 h: The code change is done in 10 minutes, but
testing it requires to either write test code or fiddle with yuor
browser

Change History (3)

comment:1 by Elrond, 13 years ago

Component:	→ Programming

comment:1 by Christopher Allan Webber, 12 years ago

Milestone:	→ 0.1.0
Owner:	set to Christopher Webber
Status:	New → Closed

FIXED! just in time for 0.1.0 ;)

comment:2 by Will Kahn-Greene, 12 years ago

The original url for this bug was http://bugs.foocorp.net/issues/621 .

Note: See TracTickets for help on using tickets.

Download in other formats: