/facileManager

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Non-assigned zone config can be viewed by any user #210

Closed
Vringe opened this Issue Apr 30, 2015 · 1 comment

Comments

Assignees
No one assigned
Labels
fmDNS
Projects
None yet
Milestone
No milestone
2 participants
@Vringe @WillyXJ
@Vringe
Contributor

Vringe commented Apr 30, 2015

The url for previewing the config file is: https://example.com/preview.php?server_serial_no=-1&config=zone&domain_id=44

The domain_id can be easily changed to view an other config file which not must be assigned to the current user.

Tested in 2.0

WillyXJ pushed a commit that referenced this issue May 2, 2015

WillyXJ WillyXJ
#210 - fixed unauth access to zone/server config
f5099af

@WillyXJ WillyXJ added the fmDNS label May 3, 2015

@WillyXJ

This comment has been minimized.

Sign in to view
Owner

WillyXJ commented May 3, 2015

Confirmed along with viewing the full server config when the user is not privileged to. These have been fixed in 2.0.1.

@WillyXJ WillyXJ closed this May 3, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment