[jifty-devel] Re: [Jifty-commit] r808 - in jifty/trunk: lib lib/Jifty t

Alex Vandiver alexmv at bestpractical.com
Wed Apr 5 13:30:04 EDT 2006


On Wed, 2006-04-05 at 13:26 -0400, Alex Vandiver wrote:
> Just to be explicit, this change *breaks backwards compatibility*.
> Calls that were of the form:
> 
>     Jifty->web->allow_actions( ... )
> 
> ..will need to be changed to:
> 
>     Jifty->api->allow( ... )

Oh, it also changes the default permissions, disallowing
Jifty::Action::Devel::* and Jifty::Action::Record::*, which were
security holes.  The former allowed you to write to any file on the
server's disk which was writable by the webserver.  Potentially useful
in a development environment, but not something you want for your
production code. ;>
 - Alex

