You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@esme.apache.org by Ethan Jewett <es...@gmail.com> on 2010/01/03 16:52:59 UTC
Posting message to pool strips tags - Bug?
Hi,
I've got Jira issue 151
(https://issues.apache.org/jira/browse/ESME-151) created because Sig
(Thingamy) is reporting issues posting messages to pools.
Specifically, tags are stripped when posting to a pool.
The reason is little code snippet in the UserActor.scala file:
val tagLst = pool match {
case Empty => tags.removeDuplicates.map(Tag.findOrCreate)
case _ => Nil
}
It removes tags when a message is posted to a pool.
Is there here for a reason? Is there a security reason? It's
definitely something we need to fix, but I want to be sure that I'm
not exposing messages in a pool through the tag UI.
I think I will go ahead and fix this so that Sig can continue, but if
there is something else that needs to be adjusted, please let me know
and I'll work on that as well.
Thanks,
Ethan
Re: Posting message to pool strips tags - Bug?
Posted by Vassil Dichev <vd...@gmail.com>.
> Ok, sounds good. This change is now committed.
Whew, you're fast :)
Re: Posting message to pool strips tags - Bug?
Posted by Ethan Jewett <es...@gmail.com>.
Ok, sounds good. This change is now committed.
Thanks,
Ethan
On Sun, Jan 3, 2010 at 10:17 AM, Vassil Dichev <vd...@apache.org> wrote:
> I think tags were filtered because at that time there was a
> possibility for tags to escape the private timeline of a certain user
> into the tag cloud of users who are not supposed to see this. Looking
> at the code right now, I think there's no way for this to happen,
> since tags are only extracted from messages which the user has
> permissions to see. You could revert the code to the block in the
> Empty case.
>
>
> On Sun, Jan 3, 2010 at 6:01 PM, Richard Hirsch <hi...@gmail.com> wrote:
>> Doesn't make much sense to me.
>>
>> Probably Vassil knows the reason why this code is present since the
>> pool is code is from him.
>>
>> D.
>>
>>
>> On Sun, Jan 3, 2010 at 4:52 PM, Ethan Jewett <es...@gmail.com> wrote:
>>> Hi,
>>>
>>> I've got Jira issue 151
>>> (https://issues.apache.org/jira/browse/ESME-151) created because Sig
>>> (Thingamy) is reporting issues posting messages to pools.
>>> Specifically, tags are stripped when posting to a pool.
>>>
>>> The reason is little code snippet in the UserActor.scala file:
>>>
>>> val tagLst = pool match {
>>> case Empty => tags.removeDuplicates.map(Tag.findOrCreate)
>>> case _ => Nil
>>> }
>>>
>>> It removes tags when a message is posted to a pool.
>>>
>>> Is there here for a reason? Is there a security reason? It's
>>> definitely something we need to fix, but I want to be sure that I'm
>>> not exposing messages in a pool through the tag UI.
>>>
>>> I think I will go ahead and fix this so that Sig can continue, but if
>>> there is something else that needs to be adjusted, please let me know
>>> and I'll work on that as well.
>>>
>>> Thanks,
>>> Ethan
>>>
>>
>
Re: Posting message to pool strips tags - Bug?
Posted by Vassil Dichev <vd...@apache.org>.
I think tags were filtered because at that time there was a
possibility for tags to escape the private timeline of a certain user
into the tag cloud of users who are not supposed to see this. Looking
at the code right now, I think there's no way for this to happen,
since tags are only extracted from messages which the user has
permissions to see. You could revert the code to the block in the
Empty case.
On Sun, Jan 3, 2010 at 6:01 PM, Richard Hirsch <hi...@gmail.com> wrote:
> Doesn't make much sense to me.
>
> Probably Vassil knows the reason why this code is present since the
> pool is code is from him.
>
> D.
>
>
> On Sun, Jan 3, 2010 at 4:52 PM, Ethan Jewett <es...@gmail.com> wrote:
>> Hi,
>>
>> I've got Jira issue 151
>> (https://issues.apache.org/jira/browse/ESME-151) created because Sig
>> (Thingamy) is reporting issues posting messages to pools.
>> Specifically, tags are stripped when posting to a pool.
>>
>> The reason is little code snippet in the UserActor.scala file:
>>
>> val tagLst = pool match {
>> case Empty => tags.removeDuplicates.map(Tag.findOrCreate)
>> case _ => Nil
>> }
>>
>> It removes tags when a message is posted to a pool.
>>
>> Is there here for a reason? Is there a security reason? It's
>> definitely something we need to fix, but I want to be sure that I'm
>> not exposing messages in a pool through the tag UI.
>>
>> I think I will go ahead and fix this so that Sig can continue, but if
>> there is something else that needs to be adjusted, please let me know
>> and I'll work on that as well.
>>
>> Thanks,
>> Ethan
>>
>
Re: Posting message to pool strips tags - Bug?
Posted by Richard Hirsch <hi...@gmail.com>.
Doesn't make much sense to me.
Probably Vassil knows the reason why this code is present since the
pool is code is from him.
D.
On Sun, Jan 3, 2010 at 4:52 PM, Ethan Jewett <es...@gmail.com> wrote:
> Hi,
>
> I've got Jira issue 151
> (https://issues.apache.org/jira/browse/ESME-151) created because Sig
> (Thingamy) is reporting issues posting messages to pools.
> Specifically, tags are stripped when posting to a pool.
>
> The reason is little code snippet in the UserActor.scala file:
>
> val tagLst = pool match {
> case Empty => tags.removeDuplicates.map(Tag.findOrCreate)
> case _ => Nil
> }
>
> It removes tags when a message is posted to a pool.
>
> Is there here for a reason? Is there a security reason? It's
> definitely something we need to fix, but I want to be sure that I'm
> not exposing messages in a pool through the tag UI.
>
> I think I will go ahead and fix this so that Sig can continue, but if
> there is something else that needs to be adjusted, please let me know
> and I'll work on that as well.
>
> Thanks,
> Ethan
>