Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non-assigned zone config can be viewed by any user #210

Closed
Vringe opened this issue Apr 30, 2015 · 1 comment
Closed

Non-assigned zone config can be viewed by any user #210

Vringe opened this issue Apr 30, 2015 · 1 comment
Labels

Comments

@Vringe
Copy link
Contributor

@Vringe Vringe commented Apr 30, 2015

The url for previewing the config file is: https://example.com/preview.php?server_serial_no=-1&config=zone&domain_id=44

The domain_id can be easily changed to view an other config file which not must be assigned to the current user.

Tested in 2.0

@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented May 3, 2015

Confirmed along with viewing the full server config when the user is not privileged to. These have been fixed in 2.0.1.

@WillyXJ WillyXJ closed this May 3, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants