Closed calin-iorgulescu closed 10 years ago
Awesome work!
Damn, you're right. I somehow hoped this wouldn't affect things, but it looks like the double session thing messes up the request (req).
The patch looks good to me, feel free to merge. However, I would suggest moving __getUserResults out of services.py into websutil.py. I think it's best if services.py only contains secured stubs.
Good catch!
Security fixes:
Enhancements: