mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 05:36:00 +00:00
e765e61854
Altered access & usage of the /search/users/select endpoint with the following changes:
- Removed searching of email address to prevent email detail discovery via hunting via search queries.
- Required the user to be logged in and have permission to manage users or manage permissions on items in some way.
- Removed the user migration option on user delete unless they have permission to manage users.

For #3108
Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/
Reported by @haxatron
Api
Auth
Commands
Entity
Helpers
Permissions
Settings
test-data
Unit
Uploads
User
AuditLogTest.php
CreatesApplication.php
DebugViewTest.php
ErrorTest.php
FavouriteTest.php
HomepageTest.php
LanguageTest.php
OpenGraphTest.php
PublicActionTest.php
RecycleBinTest.php
SecurityHeaderTest.php
SharedTestHelpers.php
StatusTest.php
TestCase.php
TestEmailTest.php
TestResponse.php
ThemeTest.php