##// END OF EJS Templates
security: make sure the admin of repo can only delete comments which are from the same repo....
security: make sure the admin of repo can only delete comments which are from the same repo. - fixes IDOR issue - protects against other people comment deletion by repo admins.

File last commit:

r1282:90601d74 default
r1818:1ced1b24 default
Show More
plugin_init.mako
16 lines | 561 B | application/x-mako | MakoHtmlLexer
<script>
var CHANNELSTREAM_URLS = ${config['url_gen'](request)|n};
%if request.registry.rhodecode_plugins['channelstream']['enabled'] and c.rhodecode_user.username != h.DEFAULT_USER:
var CHANNELSTREAM_SETTINGS = {
'enabled': true,
'ws_location': '${request.registry.settings.get('channelstream.ws_url')}',
'webapp_location': '${h.url('/', qualified=True)[:-1]}'
};
%else:
var CHANNELSTREAM_SETTINGS = {
'enabled':false,
'ws_location': '',
'webapp_location': ''};
%endif
</script>