Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove the /db page #933

Merged
merged 1 commit into from Apr 28, 2019
Merged

Remove the /db page #933

merged 1 commit into from Apr 28, 2019

Conversation

@jvoisin
Copy link
Contributor

jvoisin commented Mar 28, 2019

This page wasn't linked anywhere, allows an administrator to issue arbitrary sql
comments, and is vulnerable to reflected XSS.

We should get rid of it. If you really want to issue
SQL commands, just ssh to your instance and do it from here.

This page wasn't linked anywhere, and was
allowing an administrator to issue arbitrary sql
comments, and was vulnerable to reflected XSS.

We should get rid of it. If you really want to issue
SQL commands, just ssh to your instance and do it from here.
@jvoisin jvoisin force-pushed the jvoisin:remove_admin_db_page branch from bad886d to 787f0e6 Apr 27, 2019
@jvoisin jvoisin merged commit 348c698 into airsonic:master Apr 28, 2019
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@jvoisin jvoisin deleted the jvoisin:remove_admin_db_page branch Apr 28, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

1 participant
You can’t perform that action at this time.