2015-03-05 11:24:51 |
Henry Nash |
description |
The manager API for domain-config database updates should raise a DomainConfigNotFound exception if an explicit group or option as been specified in the url (i.e. passed as a parameter to the manager method). Currently the code does check that
a) the group/option is one we support (i.e. whitelisted or sensitive), and
b) the contents of the new config passed contains (and ONLY contains) the specified group or option
...but it doesn't check that the group/option exists in the original config. |
The manager API for domain-config database updates should raise a DomainConfigNotFound exception if an explicit group or option as been specified in the url (i.e. passed as a parameter to the manager method) and that group/option is not present in the existing config. Currently the code does check that
a) the group/option is one we support (i.e. whitelisted or sensitive), and
b) the contents of the new config passed contains (and ONLY contains) the specified group or option
...but it doesn't check that the group/option exists in the original config. |
|