A little hole is:
158 + def upload_image_multi(self, req, callback, ufile):
As you can see it is not asking for the session object to validate ACL. I dob have time now to prepare an use case, but it is dangerous.
See how i think we have an important security hole with the approach as you solve it to upload files.
https://dl.dropboxusercontent.com/u/2428846/Captura%20de%20pantalla%202013-09-28%20a%20la%28s%29%2001.14.21.png
« Back to merge proposal
A little hole is:
158 + def upload_ image_multi( self, req, callback, ufile):
As you can see it is not asking for the session object to validate ACL. I dob have time now to prepare an use case, but it is dangerous.
See how i think we have an important security hole with the approach as you solve it to upload files.
https:/ /dl.dropboxuser content. com/u/2428846/ Captura% 20de%20pantalla %202013- 09-28%20a% 20la%28s% 29%2001. 14.21.png