Monday, 2010-01-25

[00:00] *** tpb has joined #melange
[00:07] *** Merio has quit IRC
[00:18] *** diones has quit IRC
[01:08] *** MatthewWilkes has quit IRC
[01:09] *** MatthewWilkes has joined #melange
[01:54] *** matthewwilkes_ has joined #melange
[02:02] *** matthewwilkes_ has quit IRC
[02:07] *** MatthewWilkes has quit IRC
[02:13] *** MatthewWilkes has joined #melange
[03:08] *** MatthewWilkes has quit IRC
[10:00] *** Merio has joined #melange
[10:00] *** ChanServ sets mode: +v Merio
[10:14] *** dr__house has joined #melange
[10:58] *** madrazr has joined #melange
[10:58] *** ChanServ sets mode: +v madrazr
[11:45] *** madrazr has quit IRC
[12:00] *** MatthewWilkes has joined #melange
[13:18] *** veelck has joined #melange
[14:12] *** matthewwilkes_ has joined #melange
[14:27] *** MatthewWilkes has quit IRC
[14:33] *** dr__house has quit IRC
[15:10] *** madrazr has joined #melange
[15:10] *** ChanServ sets mode: +v madrazr
[15:37] *** madrazr has quit IRC
[15:41] *** ThomasWaldmann has quit IRC
[15:42] *** ThomasWaldmann has joined #melange
[16:11] *** johndbritton has joined #melange
[16:20] *** johndbritton has quit IRC
[16:20] *** johndbritton has joined #melange
[16:21] *** johndbritton has joined #melange
[17:24] *** matthewwilkes_ is now known as MatthewWilkes
[18:25] *** johndbritton has quit IRC
[18:25] *** ThomasWaldmann has quit IRC
[18:25] *** arun has quit IRC
[18:25] *** Merio has quit IRC
[18:25] *** scorche|sh has quit IRC
[18:25] *** lisppaste9 has quit IRC
[18:25] *** veelck has quit IRC
[18:25] *** dreimark has quit IRC
[18:25] *** MatthewWilkes has quit IRC
[18:25] *** scorche has quit IRC
[18:25] *** schultmc_ has quit IRC
[18:25] *** nuba has quit IRC
[18:25] *** Erant has quit IRC
[18:25] *** durin42 has quit IRC
[18:25] *** schultmc has quit IRC
[18:32] *** johndbritton has joined #melange
[18:32] *** ThomasWaldmann has joined #melange
[18:32] *** MatthewWilkes has joined #melange
[18:32] *** veelck has joined #melange
[18:32] *** Merio has joined #melange
[18:32] *** arun has joined #melange
[18:32] *** scorche has joined #melange
[18:32] *** lisppaste9 has joined #melange
[18:32] *** scorche|sh has joined #melange
[18:32] *** schultmc_ has joined #melange
[18:32] *** dreimark has joined #melange
[18:32] *** Erant has joined #melange
[18:32] *** nuba has joined #melange
[18:32] *** irc.freenode.net sets mode: +v Merio
[18:33] *** schultmc has joined #melange
[18:33] *** durin42 has joined #melange
[18:33] *** irc.freenode.net sets mode: +v durin42
[18:48] *** dhaun has joined #melange
[18:49] *** MatthewWilkes has quit IRC
[18:51] *** MatthewWilkes has joined #melange
[19:36] *** Lennie has joined #melange
[19:36] *** ChanServ sets mode: +o Lennie
[21:14] *** diones has joined #melange
[21:15] <diones> Lennie: hi lennie
[21:15] <Lennie> o hi
[21:15] <diones> Lennie: I have copy pasted a link to a task
[21:16] <diones> as an admin
[21:16] <diones> and then tried to access it as a user
[21:16] <Lennie> and it failed :D
[21:16] <diones> it 404'd
[21:16] <Lennie> yeah
[21:16] <Lennie> I noticed that one this morning when trying it myself
[21:17] <diones> how did erant access that page?
[21:17] <Lennie> I guess it worked in that revision
[21:17] <diones> Erant: explain yourself :D
[21:17] <Erant> What page
[21:17] <Lennie> Erant you haczors :D
[21:17] <diones> the task list page
[21:17] <Lennie> diones is fixing your XSS exploit :P
[21:17] <Erant> Euhm
[21:17] <Lennie> he could just access it because back then it worked :P
[21:18] <Lennie> apparently something fails now
[21:18] <diones> hmmmmmmmmmmm
[21:18] <diones> I see
[21:18] <Erant> Regression tests ftw.
[21:18] <diones> well the problem solved itself xD
[21:18] <Lennie> it did? :P
[21:18] <Erant> "Impossible to perform XSS attack now"
[21:18] <Erant> 'Fixed'
[21:19] <Lennie> no :p
[21:19] <Lennie> nearly impossible to do POST request forgery yes :0
[21:19] <diones> well we need to fix the access to tasks right?
[21:19] <Lennie> you could login as an org admin right?
[21:19] <Lennie> and view the task?
[21:20] <Lennie> that should be enough for this purpose
[21:20] <diones> yes
[21:21] <diones> well it seems like a feature to me
[21:21] <diones> in some sense
[21:22] <diones> the cleaner was built in a way to ignore checking if the user is logged as an administrator
[21:22] <diones> disabling that could result in unforeseeable consequences
[21:23] <Erant> orly. How exactly is this checked...
[21:24] <diones> http://code.google.com/p/soc/source/browse/app/soc/logic/cleaning.py#397
[21:24] <tpb> <http://ln-s.net/4sFa> (at code.google.com)
[21:24] <diones> yarly
[21:26] <Lennie> hmmm
[21:26] <Lennie> was talking about org admin
[21:26] <Lennie> not developer
[21:26] <Lennie> which is what it skips
[21:27] <Erant> k. Looks fine.
[21:28] <Erant> Just checking. I'll probably go do more poking when there's a bit more to poke at. Not that I expect to find anything with the new security dude.
[21:30] <Lennie> hehe
[21:30] <Lennie> diones, are you able to visit the task page purely as mentor or org admin?
[21:30] <Lennie> not as a developer
[21:49] <diones> Lennie: I'll look into it
[21:54] *** johndbritton has quit IRC
[22:16] <Lennie> most kind diones :)
[22:16] <Lennie> I'm off
[22:16] <Lennie> ttyal
[22:24] *** Lennie has quit IRC
[22:26] *** dhaun has quit IRC
[22:42] *** diones has quit IRC
[22:45] *** diones has joined #melange
[23:14] *** Merio has quit IRC
[23:51] *** diones has quit IRC