-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable updating DFR3 objects through POST method #22
Comments
ghost
added this to the 1.6.0 milestone
Oct 5, 2021
ghost
self-assigned this
Oct 13, 2021
ghost
pushed a commit
that referenced
this issue
Oct 20, 2021
ghost
pushed a commit
that referenced
this issue
Oct 20, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
ghost
pushed a commit
that referenced
this issue
Oct 21, 2021
navarroc
added a commit
that referenced
this issue
Oct 22, 2021
#22: Disable setting an id during eq creation
ghost
linked a pull request
Oct 25, 2021
that will
close
this issue
ghost
closed this as completed
Nov 2, 2021
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Dylan uses pyincore’s create_dfr3_set() method(POST api call) and provides an “id” of an existing DFR3 set in the JSON and it actually updates it. I tested it just now and it works that way. Does anyone know if this is an intended feature or just a bug (with unintended benefits). It also seems that, this option allows a user to “update” someone else’s DFR3, even though they don’t have privileges to do so - this could be exploited.
We should disable this feature(bug) on the DFR3 service
The text was updated successfully, but these errors were encountered: