Ticket #8103 (closed defect: fixed)

Opened 3 years ago

Last modified 3 years ago

Published worksheets aren't inert

Reported by: mpatel Owned by: was
Priority: critical Milestone: sage-4.3.2
Component: notebook Keywords:
Cc: timdumol, was Work issues:
Report Upstream: N/A Reviewers: William Stein
Authors: Mitesh Patel Merged in: sagenb-0.7.1
Dependencies: Stopgaps:

Description

It's possible to modify published worksheets, by appending worksheet commands to their URLs.

Attachments

trac_8103-pub_worksheet_cmd.patch Download (796 bytes) - added by mpatel 3 years ago.
Disable published worksheet commands other than 'alive'. sagenb repo.
trac_8103-pub_worksheet_cmd.2.patch Download (909 bytes) - added by mpatel 3 years ago.
Less draconian restrictions. Replaces previous.
trac_8103-pub_worksheet_cmd.3.patch Download (981 bytes) - added by mpatel 3 years ago.
Closer to the truth. Replaces previous.

Change History

Changed 3 years ago by mpatel

Disable published worksheet commands other than 'alive'. sagenb repo.

comment:1 Changed 3 years ago by mpatel

  • Status changed from new to needs_review

I've attached a patch for testing and review.

comment:2 Changed 3 years ago by mpatel

If/when we fix this, I can include the patch in SageNB 0.7.1 at #8051.

comment:3 Changed 3 years ago by was

  • Status changed from needs_review to positive_review

Changed 3 years ago by mpatel

Less draconian restrictions. Replaces previous.

comment:4 Changed 3 years ago by mpatel

  • Status changed from positive_review to needs_work

comment:5 Changed 3 years ago by mpatel

  • Status changed from needs_work to needs_review

comment:6 Changed 3 years ago by mpatel

  • Reviewers set to William Stein
  • Authors set to Mitesh Patel

Changed 3 years ago by mpatel

Closer to the truth. Replaces previous.

comment:7 Changed 3 years ago by mpatel

I apologize for the sloppy patches. I should have looked at my patch for #6855 (not posted), which implements similar restrictions.

comment:8 Changed 3 years ago by was

  • Status changed from needs_review to positive_review

This looks good.

It's a little annoying since the comment right above the code you added refers to the code *after* the code you added. If one reads that comment after your patch, it could be confusing.

comment:9 Changed 3 years ago by was

  • Status changed from positive_review to needs_work

I just tested this and it doesn't work anyways.

comment:10 Changed 3 years ago by was

  • Status changed from needs_work to needs_review

Actually it is fine. I just had trouble because I had mis-applied your patch.

comment:11 Changed 3 years ago by was

  • Status changed from needs_review to positive_review

comment:12 Changed 3 years ago by mpatel

  • Status changed from positive_review to closed
  • Resolution set to fixed
  • Merged in set to sagenb-0.7.1
Note: See TracTickets for help on using tickets.