Нови задатак

#10 Bypassing authorization

Затворено

отворено пре 5 година од sindre · 0 коментара

User privilege validation is mostly performed on the client side. In this case it allows outside users without project access to perform task-deliveries and accept tasks. This must be done by sending a plain HTTP request instead of interacting through the client web page.

sindre added this to the Required fixes milestone пре 5 година

sindre added the

broken access control

label пре 5 година

sindre added the

bug

label пре 5 година

sindre added the

webpy

label пре 5 година

sindre поменуо овај задатак у комит пре 5 година

Check permissions and ownership when changing a project Fixes #10

sindre затворено пре 5 година

Пријавите се да се прикључе у овом разговору.

broken access control

bug

webpy

Required fixes

No Assignees

1 учесника

Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.