| Key: |
QB-1337
|
| Type: |
Improvement
|
| Status: |
Resolved
|
| Resolution: |
Fixed
|
| Priority: |
Critical
|
| Assignee: |
Unassigned
|
| Reporter: |
Robin Shen
|
| Votes: |
0
|
| Watchers: |
0
|
|
If you were logged in you would be able to see more operations.
|
|
|
QuickBuild
Created: 13/Aug/12 06:13 AM
Updated: 13/Aug/12 11:22 AM
|
|
| Component/s: |
None
|
| Affects Version/s: |
4.0.50
|
| Fix Version/s: |
4.0.51
|
|
|
Original Estimate:
|
Unknown
|
Remaining Estimate:
|
Unknown
|
Time Spent:
|
Unknown
|
|
|
Now a separate permission "Allow script" is added to group. For gadget title and message gadget, the script will only be evaluated if the containing dashboard is created by an user belong to group with such permission. This also holds true for user's email field.
|
|
Description
|
Now a separate permission "Allow script" is added to group. For gadget title and message gadget, the script will only be evaluated if the containing dashboard is created by an user belong to group with such permission. This also holds true for user's email field. |
Show » |
| There are no comments yet on this issue.
|
|
It is a security risk that every user can execute arbitrary script by scripting the gadget title and the email field