/ 
Jifty-0.60321
/ Jifty::Action::Record::Delete
Security Advisories (4)
CPANSA-Jifty-2011-01 (2011-03-17)

The path as passed in the fragment request data structure was used verbatim in the dispatcher and other locations. This possibly allowed requests to walk around ACLs by requesting '/some/safe/place/../../../dangerous' as a fragment.

CPANSA-Jifty-2009-01 (2009-04-09)

The REST plugin would let you call any method on the model.

CPANSA-Jifty-2008-01 (2009-04-08)

Allowed all actions on GET.

CPANSA-Jifty-2006-01 (2006-07-06)

Jifty did not protect users against a class of remote data access vulnerability. If an attacker knew the structure of your local filesystem and you were using the "standalone" webserver in production, the attacker could gain read only access to local files.

NAME

Jifty::Action::Record::Delete - Automagic delete action

DESCRIPTION

This class is used as the base class for Jifty::Actions that are merely deleting Jifty::Record objects. To use it, subclass it and override the record_class method to return the name of the Jifty::Record subclass that this action should delete.

METHODS

arguments

Overrides the "arguments" in Jifty::Action::Record method to specify that all of the primary keys must have values when submitted; that is, they are constructors. No other arguments are required.

take_action

Overrides the virtual take_action method on Jifty::Action to delete the row from the database.

report_success

Sets the "message" in Jifty::Result to default success message, "Deleted". Override this if you want to report some other more user-friendly result.