Menu

#708 Improve hardreject.cgi security

Approved
closed
Ahasuerus
None
5
2014-10-09
2014-10-09
Ahasuerus
No

hardreject.cgi shouldn't let moderators reject submissions that were either created by or are currently on hold by other moderators. Only bureaucrats should be able to reject them in case the submitting/holding moderator is not available. hardreject.cgi should display an appropriate error message if an attempt is made.

Discussion

  • Ahasuerus

    Ahasuerus - 2014-10-09
    • Description has changed:

    Diff:

    --- old
+++ new
@@ -1 +1 @@
-hardreject.cgi shouldn't let moderators reject submissions that are currently on hold by other moderators. Only bureaucrats should be able to reject them in case the holding moderator is not available.
+hardreject.cgi shouldn't let moderators reject submissions that were either created by or are currently on hold by other moderators. Only bureaucrats should be able to reject them in case the submitting/holding moderator is not available. hardreject.cgi should display an appropriate error message if an attempt is made.
    • assigned_to: Ahasuerus
     

  • Ahasuerus

    Ahasuerus - 2014-10-09
    • status: open --> closed
     

  • Ahasuerus

    Ahasuerus - 2014-10-09

    Implemented in mod/hardreject.py 1.4, installed in r2014-238 on 2014-10-08. Closing.

     

Anonymous
Anonymous

Add attachments
Cancel





MongoDB Logo MongoDB