Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-01 05:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
e765e61854
BookStack/tests/User
History
Dan Brown e765e61854
Addressed user detail harvesting issue 
Altered access & usage of the /search/users/select endpoint with the
following changes:
- Removed searching of email address to prevent email detail discovery
  via hunting via search queries.
- Required the user to be logged in and have permission to manage users
  or manage permissions on items in some way.
- Removed the user migration option on user delete unless they have
  permission to manage users.

For #3108
Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/
Reported by @haxatron
2021-12-14 18:47:22 +00:00
..
UserApiTokenTest.php Apply fixes from StyleCI 2021-06-26 15:23:15 +00:00
UserManagementTest.php Addressed user detail harvesting issue 2021-12-14 18:47:22 +00:00
UserPreferencesTest.php Removed browserkit from a couple of classess 2021-09-13 22:54:21 +01:00
UserProfileTest.php Laravel 8 shift squash & merge (#3029) 2021-10-30 21:29:59 +01:00
UserSearchTest.php Addressed user detail harvesting issue 2021-12-14 18:47:22 +00:00