mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-10-26 11:11:56 +00:00
Altered access & usage of the /search/users/select endpoint with the following changes:

- Removed searching of email address to prevent email detail discovery via hunting via search queries.
- Required the user to be logged in and have permission to manage users or manage permissions on items in some way.
- Removed the user migration option on user delete unless they have permission to manage users.

For #3108
Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/
Reported by @haxatron

| Name |
|---|
| .. |
| Actions |
| Api |
| Auth |
| Config |
| Console |
| Entities |
| Exceptions |
| Facades |
| Http |
| Interfaces |
| Notifications |
| Providers |
| Settings |
| Theming |
| Traits |
| Translation |
| Uploads |
| Util |
| Application.php |
| helpers.php |
| Model.php |