What steps will reproduce the problem?
1. Edit a template that user has access to
2. Use a tool to tamper the request data when saving before it is sent to
server, such that you change the template id and various parameters to refer to
a template that is not shared and the user doesn't have access to.
What is the expected output? What do you see instead?
1. The server should validate that template is allowed to be edited by the user
and throw an error if it isn't, rather than attempt to save it.
Original issue reported on code.google.com by joshdrum...@gmail.com on 4 Dec 2010 at 12:55
Original issue reported on code.google.com by
joshdrum...@gmail.com
on 4 Dec 2010 at 12:55