stack/erp5: backport a Products.BTreeFolder2 fix for "Delete All Objects"
-
Owner
continuing discussion from 247de005 ( the old commit before rebase and push to master )
Jérome Perrin @jerome · 9 hours ago
@yusei I had backported this patch already, but I could not find the time to test it and push it
Yusei Tahara @yusei · 52 minutes ago
I did not notice that we had patches in slapos. I am really worry about this functionality, it is too dangerous. What about to override manage_delAllObjects and completely disable this function. At least I will make such a patch for all my projects.
Yes, this was a dangerous feature and not so useful. I sometimes want to remove all documents in modules, so I don't feel it is 100% useless, but not really useful. Now that there is a confirmation I was thinking this reduces the risk of accidentally clicking and deleting all, maybe it's enough ( but if we remove the button it's also OK for me )
-
Owner
In my experience, I saw some developers who was unbelievably careless and made serious mistakes. I might see such a developer again in future and our customer might lose their important data. If there is no self-destruct function, then even careless developer can't destroy ERP5. So I really would like to disable
manage_delAllObjects
to save our future. -
Owner
So, I will make a hot-fix to disable
manage_delAllObjects
in ERP5 repository. -
Owner
In a sense it's similar to "rm" command which deletes files and can delete important files, but this would be the equivalent of a desktop shortcut for "rm -rf /" :)
There's also a security issue with this, because
manage_delAllObjects
does not check the request (some sensitive ZMI methods now check that REQUEST is POST method), so an attacker could try to trick admin into clicking a malicious link, or viewing a malicious image, that would delete a module content. If we are going to patch more, the safest seems to makemanage_delAllObjects
do nothing. -
Owner
There's also a security issue with this
Ah that is a good point. Such a function is OK when user stores less important data in BTreeFolder2. However, it is not suitable for us because ERP5 is a mission-critical application.