[FIX] potential bug in server-side web framework, now forbids users to call method...

author niv-openerp <nicolas.vanhoren@openerp.com>

Fri, 18 Oct 2013 12:57:27 +0000 (14:57 +0200)

committer niv-openerp <nicolas.vanhoren@openerp.com>

Fri, 18 Oct 2013 12:57:27 +0000 (14:57 +0200)
author niv-openerp <nicolas.vanhoren@openerp.com>
Fri, 18 Oct 2013 12:57:27 +0000 (14:57 +0200)
committer niv-openerp <nicolas.vanhoren@openerp.com>
Fri, 18 Oct 2013 12:57:27 +0000 (14:57 +0200)
diff --git a/addons/web/http.py b/addons/web/http.py

index 7e12a71..4bda581 100644 (file)
--- a/addons/web/http.py
+++ b/addons/web/http.py
@@ -189,6 +189,8 @@ class WebRequest(object):
  
  def auth_method_user():
      request.uid = request.session.uid
+    if not request.uid:
+        raise SessionExpiredException("Session expired")
  
  def auth_method_admin():
      if not request.db:
author	niv-openerp <nicolas.vanhoren@openerp.com>
	Fri, 18 Oct 2013 12:57:27 +0000 (14:57 +0200)
committer	niv-openerp <nicolas.vanhoren@openerp.com>
	Fri, 18 Oct 2013 12:57:27 +0000 (14:57 +0200)