New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists

Item12411: rest validates the request even if validation disabled in core.

Priority: Normal
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Engine
Component: FoswikiUIRest
Branches: trunk
Reported By: MichaelDaum
Waiting For:
Last Change By: GeorgeClark
Index: lib/Foswiki/Plugins/
--- lib/Foswiki/Plugins/   (revision 16564)
+++ lib/Foswiki/Plugins/   (working copy)
@@ -35,7 +35,7 @@
         'removeUser', \&_RESTremoveUser,
         authenticate => 1,
-        validate     => 1,
+        validate     => $Foswiki::cfg{Validation}{Method} eq 'strikeone' ? 1:0,
         http_allow   => 'POST'

-- MichaelDaum - 27 Feb 2013

Hi Sven, I've checked in the fix. Would you like to make a new release, or should I take it over for you?

-- MichaelDaum - 04 Nov 2013

go, do - no point holding things up

-- SvenDowideit - 05 Nov 2013

Hm... Is this a core bug? If foswiki core is configured to not do validation, then the plugin request for this feature should be ignored.

-- GeorgeClark - 21 Apr 2014

Yes, I think so too.

-- MichaelDaum - 21 Apr 2014

Changing this bug to core and fixing it along with some other rest changes. AntiWikiSpamPlugin still requires the fix, so that it's backwards compatible with Foswiki 1.1

-- GeorgeClark - 21 Apr 2014
Topic revision: r11 - 05 Jul 2015, GeorgeClark - This page was cached on 22 Jun 2018 - 00:08.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy