admins cannot revoke sessions owned by other users #4856
Comments
|
Ouch. So you couldn't have done it when I asked anyway? |
|
Thanks for triaging this but 😄 |
BenLubar
added a commit
to boomzillawtf/tdwtf
that referenced
this issue
Jul 15, 2016
…odeBB#4856> - Fixed: permanent bans from the user's profile <NodeBB/NodeBB#4855> - Fixed: "opening a topic page in background tab in Firefox 46.0.1 makes the page bugged" <NodeBB-Community/nodebb-plugin-emoji-extended@668d4ca>
This was referenced Oct 17, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://github.com/boomzillawtf/tdwtf/tree/4866fca68b869575725e29627b5768ea868aa7fc
3df7bae
Sessions cannot be revoked for other users because this line retrieves the current user's sessions:
NodeBB/src/controllers/accounts/session.js
Line 19 in 3df7bae
Instead of
req.uid, it should usereq.locals.uid, which is set bymiddleware.exposeUidThe text was updated successfully, but these errors were encountered: