BookStack/app/Http/Controllers
Dan Brown e765e61854
Addressed user detail harvesting issue
Altered access & usage of the /search/users/select endpoint with the
following changes:
- Removed searching of email address to prevent email detail discovery
  via hunting via search queries.
- Required the user to be logged in and have permission to manage users
  or manage permissions on items in some way.
- Removed the user migration option on user delete unless they have
  permission to manage users.

For #3108
Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/
Reported by @haxatron
2021-12-14 18:47:22 +00:00
..
Api Added url and preview_html params to search API results 2021-12-06 20:42:04 +00:00
Auth Prevented auto-login from direct email confirmation actions 2021-11-15 10:50:28 +00:00
Images Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
AttachmentController.php Fixed page editor back button sometimes going nowhere 2021-11-15 11:19:03 +00:00
AuditLogController.php Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
BookController.php Applied another round of static analysis updates 2021-11-22 23:33:55 +00:00
BookExportController.php Added role permissions for exporting content 2021-08-28 21:48:17 +01:00
BookshelfController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
BookSortController.php Reorganised blade view files to form a convention 2021-08-22 13:17:32 +01:00
ChapterController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
ChapterExportController.php Added role permissions for exporting content 2021-08-28 21:48:17 +01:00
CommentController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
Controller.php Added an env configurable file upload size limit 2021-11-14 22:03:22 +00:00
FavouriteController.php Done a round of phpstan fixes 2021-11-06 00:32:01 +00:00
HomeController.php Changed homepage card header links to be bottom-card-links 2021-11-23 18:18:49 +00:00
MaintenanceController.php Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
PageController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
PageExportController.php Added role permissions for exporting content 2021-08-28 21:48:17 +01:00
PageRevisionController.php Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
PageTemplateController.php Reorganised blade view files to form a convention 2021-08-22 13:17:32 +01:00
RecycleBinController.php Applied another set of static analysis improvements 2021-11-20 14:03:56 +00:00
RoleController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
SearchController.php Applied StyleCI changes 2021-11-13 13:28:17 +00:00
SettingController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
StatusController.php Added initial phpstan/larastan setup 2021-11-05 16:18:06 +00:00
TagController.php Applied latest StyleCI changes 2021-11-06 22:00:33 +00:00
UserApiTokenController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
UserController.php Standardised laravel validation to be array based 2021-11-05 00:26:55 +00:00
UserProfileController.php Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
UserSearchController.php Addressed user detail harvesting issue 2021-12-14 18:47:22 +00:00