From 382ceb67858aed8ae17851ecd9e1b755a5ac73ab Mon Sep 17 00:00:00 2001
From: Yusei Tahara <yusei@nexedi.com>
Date: Tue, 7 Aug 2007 16:51:29 +0000
Subject: [PATCH] Added a todo comment about security.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@15539 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 product/ERP5Form/ListBox.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/product/ERP5Form/ListBox.py b/product/ERP5Form/ListBox.py
index 297a2feea8..57762eb581 100644
--- a/product/ERP5Form/ListBox.py
+++ b/product/ERP5Form/ListBox.py
@@ -3026,6 +3026,8 @@ class ListBoxEditor:
           gv[k] = getattr(request, k, None)
       for url, v in self.update_dict.items():
         v.update(gv)
+        ## XXX security check is needed.
+        ## XXX we need to make restricted version of edit method.
         self.field.restrictedTraverse(url).edit(**v)
 
 allow_class(ListBoxEditor)
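Review bot: The two XXX comments record the gap but leave `self.field.restrictedTraverse(url).edit(**v)` unguarded, so the commit documents the problem without reducing it. `restrictedTraverse` only checks that the current user may reach the object; the following `.edit(**v)` runs from unrestricted code and, as far as the hunk shows, no permission on `edit` is verified. Meanwhile `v` has just been merged with values read from the request through `gv`, and `allow_class(ListBoxEditor)` lets restricted scripts reach this class. Until a restricted edit method exists, an explicit check before the call would close the gap, for example `obj = self.field.restrictedTraverse(url)` followed by `if not getSecurityManager().checkPermission('Modify portal content', obj): raise Unauthorized(url)`; the permission name is an assumption to confirm against what protects `edit`, and both names need to be in scope from AccessControl. The enclosing method starts outside the hunk, so how `update_dict` and its `url` keys are populated should be checked there as well, and the comment would be more useful if it named the missing permission instead of a bare `XXX`.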
-- 
GitLab