[dev] [cvs] commit: genie/lib Driver.php
Chuck Hagenbuch
chuck at horde.org
Fri Nov 30 15:54:09 UTC 2007
Quoting Duck <duck at obala.net>:
>> > Items has already their unique ID (autoincremented) so we don't
>> > need to check two indexes to get the item.
>>
>> I didn't look at the complete code, but this could be safeguard that
>> people can only change their own items.
>>
>> Jan.
>
> We already chack the Share permissions before the driver method is called.
But that doesn't ensure that the itemid belongs to the share that was checked.
-chuck
More information about the dev
mailing list