Commit 15477c18 authored by Idir Lankri

Fix a critical vulnerability of the corpus manager

When the platform is installed in server mode, if the user edits the URL
in his browser's address bar, he can get writing permissions on the
corpus stored on the server.
parent 0dd5926e
Branches fix-vulnerability
1 merge request: !10 Fix a critical vulnerability of the corpus manager
......@@ -266,12 +266,19 @@ module Make (Loc : Location) : S = struct
| Manager -> "manager"
]
;
value permission_of_string = fun
[ "annotator" -> Annotator
| "manager" -> Manager
| _ -> Reader
value restrict_permission perm =
match Html.target with
[ Html.Server -> Reader
| Html.Simputer | Html.Computer | Html.Station -> perm
]
;
value permission_of_string s = s |> to_perm |> restrict_permission
where to_perm = fun
[ "annotator" -> Annotator
| "manager" -> Manager
| _ -> Reader
]
;
value url dir permission sentence =
let analysis = Sentence.analysis sentence in
let env =
......
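
Review bot: `restrict_permission` is applied only inside `permission_of_string`, so the server-mode downgrade to `Reader` covers only permissions parsed from a string; `url dir permission sentence` in the trailing context still takes a permission value directly, and any caller that builds `Annotator` or `Manager` without going through the parser is not restricted. Consider also applying `restrict_permission` at the points where the corpus is actually written, or making it the only way to obtain a permission value, and add a short comment on `restrict_permission` stating that `Html.Server` forces read-only access because the permission originates from a user-editable URL. Listing `Html.Simputer | Html.Computer | Html.Station` explicitly instead of using `_` is worth keeping: a target added later will raise a non-exhaustive match warning rather than silently inheriting write access.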