Skip to content

/ facileManager

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Non-assigned zone config can be viewed by any user #210

Closed
Vringe opened this issue Apr 30, 2015 · 1 comment
Closed

Non-assigned zone config can be viewed by any user #210

Vringe opened this issue Apr 30, 2015 · 1 comment
Labels
fmDNS

Comments

@Vringe
Copy link
Contributor

@Vringe Vringe commented Apr 30, 2015

The url for previewing the config file is: https://example.com/preview.php?server_serial_no=-1&config=zone&domain_id=44

The domain_id can be easily changed to view an other config file which not must be assigned to the current user.

Tested in 2.0
WillyXJ pushed a commit that referenced this issue May 2, 2015
WillyXJ WillyXJ
#210 - fixed unauth access to zone/server config
f5099af
@WillyXJ WillyXJ added the fmDNS label May 3, 2015
@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented May 3, 2015

Confirmed along with viewing the full server config when the user is not privileged to. These have been fixed in 2.0.1.
@WillyXJ WillyXJ closed this May 3, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
fmDNS
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@WillyXJ @Vringe