Commit 382ceb67 authored by Yusei Tahara's avatar Yusei Tahara

Added a todo comment about security.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@15539 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 602aee80
...@@ -3026,6 +3026,8 @@ class ListBoxEditor: ...@@ -3026,6 +3026,8 @@ class ListBoxEditor:
gv[k] = getattr(request, k, None) gv[k] = getattr(request, k, None)
for url, v in self.update_dict.items(): for url, v in self.update_dict.items():
v.update(gv) v.update(gv)
## XXX security check is needed.
## XXX we need to make restricted version of edit method.
self.field.restrictedTraverse(url).edit(**v) self.field.restrictedTraverse(url).edit(**v)
allow_class(ListBoxEditor) allow_class(ListBoxEditor)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment