Non-assigned zone config can be viewed by any user #210
Labels
Comments
WillyXJ
pushed a commit
that referenced
this issue
May 2, 2015
Confirmed along with viewing the full server config when the user is not privileged to. These have been fixed in 2.0.1. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The url for previewing the config file is: https://example.com/preview.php?server_serial_no=-1&config=zone&domain_id=44
The domain_id can be easily changed to view an other config file which not must be assigned to the current user.
Tested in 2.0
The text was updated successfully, but these errors were encountered: