Maj terminée. Pour consulter la release notes associée voici le lien :
https://about.gitlab.com/releases/2021/07/07/critical-security-release-gitlab-14-0-4-released/

Commit 95b4662e authored by Stephane Glondu's avatar Stephane Glondu
Browse files

Restrict templates to read-only things

parent ff4bb45e
......@@ -232,7 +232,7 @@ module type ELECTION_TEMPLATES = sig
end
module type WEB_ELECTION = sig
module type WEB_ELECTION_RO = sig
module G : GROUP
module E : ELECTION with type elt = G.t
......@@ -242,10 +242,14 @@ module type WEB_ELECTION = sig
val params_fname : string
val public_keys_fname : string
module B : WEB_BALLOT_BOX
module S : ELECTION_SERVICES
end
module type WEB_ELECTION = sig
include WEB_ELECTION_RO
module B : WEB_BALLOT_BOX
end
module type SITE_SERVICES = sig
include CORE_SERVICES
include AUTH_SERVICES
......@@ -263,7 +267,7 @@ end
module type TEMPLATES = sig
val home :
featured:(module WEB_ELECTION) list ->
featured:(module WEB_ELECTION_RO) list ->
unit -> [> `Html ] Eliom_content.Html5.F.elt Lwt.t
val login_dummy :
......@@ -289,7 +293,7 @@ module type TEMPLATES = sig
val login_choose :
unit -> [> `Html ] Eliom_content.Html5.F.elt Lwt.t
module Election (W : WEB_ELECTION) : ELECTION_TEMPLATES
module Election (W : WEB_ELECTION_RO) : ELECTION_TEMPLATES
end
......
......@@ -97,7 +97,8 @@ module Make (C : CONFIG) : SITE = struct
let module W = R.W in
let module X : EMPTY = R.Register (S) (T.Election (W)) in
let election = (module W : WEB_ELECTION) in
if W.featured then featured := election :: !featured;
let election_ro = (module W : WEB_ELECTION_RO) in
if W.featured then featured := election_ro :: !featured;
return election
let () = let module X : EMPTY = Auth.Register (S) (T) in ()
......
......@@ -90,7 +90,7 @@ module Make (S : SITE_SERVICES) : TEMPLATES = struct
]))
let format_one_featured_election election =
let module W = (val election : WEB_ELECTION) in
let module W = (val election : WEB_ELECTION_RO) in
let e = W.election.e_params in
li [
h3 [
......@@ -186,7 +186,7 @@ module Make (S : SITE_SERVICES) : TEMPLATES = struct
uri
contents
module Election (W : WEB_ELECTION) = struct
module Election (W : WEB_ELECTION_RO) = struct
let file x = Eliom_service.preapply W.S.election_dir x
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment