mirror of https://github.com/BookStackApp/BookStack.git synced 2024-10-30 15:42:41 +01:00
BookStack/app/Auth
Dan Brown e765e61854
Addressed user detail harvesting issue
Altered access & usage of the /search/users/select endpoint with the
following changes:
- Removed searching of email address to prevent email detail discovery
  via hunting via search queries.
- Required the user to be logged in and have permission to manage users
  or manage permissions on items in some way.
- Removed the user migration option on user delete unless they have
  permission to manage users.

For #3108
Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/
Reported by @haxatron
2021-12-14 18:47:22 +00:00
..
Access Applied another round of static analysis updates 2021-11-22 23:33:55 +00:00
Permissions Applied StyleCI changes 2021-11-30 14:25:09 +00:00
Role.php Laravel 8 shift squash & merge (#3029) 2021-10-30 21:29:59 +01:00
SocialAccount.php Laravel 7.x Shift (#3011) 2021-10-26 22:04:18 +01:00
User.php Added initial phpstan/larastan setup 2021-11-05 16:18:06 +00:00
UserRepo.php Addressed user detail harvesting issue 2021-12-14 18:47:22 +00:00