This repository has been archived by the owner on Aug 22, 2022. It is now read-only.

Security issue: private admin field labels and instructions being leaked in login screen source code #12

Closed
SimonEast opened this issue May 1, 2017 · 1 comment

@SimonEast

I just noticed that when viewing the source code of my Craft login screen, the relabel plugin seems to be dumping all its JSON data there. Since this could potentially include private data that includes field names and instructions intended for admin users only, it would be great if this was excluded from the login screen and any other screens that are potentially accessible by non-admins.

See example here: http://ku.staging7.yump.com.au/admin/login
(will remove this link shortly)

I don't have time right now to submit a patch, but if there is someone else willing to, that would be great.

Simon.

@ttempleton
Contributor

This issue has been resolved in the Craft 3 version of the original Relabel, which is now known as Field Labels.
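
A regression check for the leak reported in this issue, as an added example that is not code from the plugin or from either commenter: it extracts JSON from the inline scripts of a page served without a session and reports any admin-only label or instruction text it finds. The sample HTML, the `pluginData` variable and its key names are constructed assumptions; the plugin's real output format is not shown on this page.

```python
import json
from html.parser import HTMLParser

# Constructed sample page; the variable and key names are hypothetical, not the plugin's.
SAMPLE_LOGIN_HTML = """<html><body><form id="login-form"></form>
<script>window.csrfTokenName = "CSRF";</script>
<script>var pluginData = {"labels": [{"fieldId": 7, "name": "Internal margin",
 "instructions": "Do not show to clients"}]};</script></body></html>"""

class InlineScripts(HTMLParser):  # collects bodies of inline <script> elements (no src)
    def __init__(self):
        super().__init__()
        self.scripts, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script" and not dict(attrs).get("src"):
            self.scripts.append("")
            self.in_script = True
    def handle_endtag(self, tag):
        self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def embedded_json(script):
    """Yield every JSON value (object, array, string, ...) that parses in a script body."""
    decoder, pos = json.JSONDecoder(), 0
    while pos < len(script):
        try:
            value, pos = decoder.raw_decode(script, pos)
            yield value
        except ValueError:
            pos += 1

def strings_in(value):
    """Recursively yield all keys and string values of a decoded JSON value."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        yield from value  # keys
        value = list(value.values())
    if isinstance(value, list):
        for item in value:
            yield from strings_in(item)

def leaked_admin_strings(html, admin_only):
    """Return the admin-only strings found in inline scripts of an unauthenticated page."""
    parser = InlineScripts()
    parser.feed(html)
    found = {s for body in parser.scripts for v in embedded_json(body) for s in strings_in(v)}
    return sorted(found & set(admin_only))
```

Feed it the login page HTML fetched without cookies and the list of field labels and instructions exported from the admin side; a non-empty result means the page still exposes them.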
