{5} Accepted, Active Tickets by Owner (Full Description) (3 matches)
List tickets accepted, group by ticket owner. This report demonstrates the use of full-row display.
hbock (1 match)
| Ticket | Summary | Component | Milestone | Type | Created |
|---|---|---|---|---|---|
| #96 | Referrer isn't checked for links and forms with side effects | Periscope | | defect | 08/11/09 |

Description: The referrer isn't checked for GET and POST requests with side effects (creating and deleting users, logging out, etc. etc.). I did not check every form or link, but the problem is assumed to be universal. Vulnerable to CSRF and XSRF (using http://nautilus.oshean.org/ticket/92).

sam (2 matches)
| Ticket | Summary | Component | Milestone | Type | Created |
|---|---|---|---|---|---|
| #101 | Add a many-to-many relationship table for user filters. | Periscope | | defect | 12/05/09 |

Description: Currently a user's filters are listed in the WEB_USER table as a string column that is comma-separated. This is Bad Design (TM). Create a table that uniquely maps a user ID to a filter ID, with foreign key constraints on both (needs ON DELETE CASCADE!). Use the UNIQUE constraint on the user and filter ID fields. This will make it so when a filter/user is deleted, the corresponding relation between user ID and filter is automatically and recursively deleted by the database. Magic. Modify INITIALIZE-INSTANCE :AFTER for the WEB-USER class to query for and fill in the filters slot in WEB-USER. Remove the column-type definition for the FILTERS slot in DEFCLASS, as it will no longer be a column in the WEB_USER table.

| Ticket | Summary | Component | Milestone | Type | Created |
|---|---|---|---|---|---|
| #102 | Make a DEFINE-PERISCOPE-PAGE macro | Periscope | | enhancement | 12/05/09 |

Description: I've looked around and noticed that there's a lot of code of the form

```lisp
(define-easy-handler (page :uri "/page")
    (parameters*)
  (with-periscope-page ...
    ))
```

Abstract this out and collapse it into a macro DEFINE-PERISCOPE-PAGE that expands to this pattern.
