Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.
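The bypass described in this advisory, as an added Perl example (not Jifty's code or its actual fix): an ACL check applied to the path verbatim, next to one applied after the path is canonicalized. The allowed prefix and all sub names are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical ACL: only paths under this prefix may be requested as fragments.
my @ALLOWED_PREFIXES = ('/some/safe/');

# Resolve "." and ".." lexically. Returns undef for a relative path or for
# one that climbs above "/".
sub canonical_path {
    my ($path) = @_;
    return unless defined $path && $path =~ m{^/};
    my @out;
    for my $seg (split m{/+}, $path) {
        next if $seg eq '' || $seg eq '.';
        if ($seg eq '..') {
            return unless @out;    # would escape the root
            pop @out;
            next;
        }
        push @out, $seg;
    }
    my $trailing = $path =~ m{/$} ? '/' : '';
    return @out ? '/' . join('/', @out) . $trailing : '/';
}

sub prefix_allowed {
    my ($path) = @_;
    return scalar(grep { index($path, $_) == 0 } @ALLOWED_PREFIXES);
}

# Weak: the ACL sees the path exactly as the client sent it.
sub allowed_verbatim { return prefix_allowed($_[0]) }

# Corrected: canonicalize first, then check the ACL on the result. The
# caller must also dispatch on the canonical path, not the original one.
sub allowed_canonical {
    my $clean = canonical_path($_[0]);
    return defined($clean) && prefix_allowed($clean);
}

# Constructed sample requests; the second is the string from the advisory.
for my $p ('/some/safe/place/widget', '/some/safe/place/../../../dangerous') {
    printf "%-40s verbatim=%s canonical=%s\n", $p,
        allowed_verbatim($p)  ? 'allow' : 'deny',
        allowed_canonical($p) ? 'allow' : 'deny';
}
```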

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read-only access to local files.

NAME

Jifty::Action::Autocomplete

DESCRIPTION

A built-in Jifty::Action which returns suggested autocompletions for a given argument of an action. Generally this is called by Jifty's internals through /__jifty/autocomplete.xml.

This action delivers its data to /__jifty/autocomplete.xml by filling in the "completions" entry of the "content" in Jifty::Result.

arguments

The arguments for Autocomplete are:

action

The moniker of an action we want to pull a field to autocomplete from.

argument

The fully qualified name of the argument to action that we want to complete.

take_action

Find the submitted action in the Jifty::Request named by the action above, and ask it for autocompletion possibilities for the argument in question.