Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-23 17:56:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Security Fix 12: FixDuplicateBleed.

Browse source 
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
This commit is contained in:
Lauri Ojansivu 2026-01-18 20:07:12 +02:00
parent 0f5a9c3877
commit 4ce181d172
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
server/methods/fixDuplicateLists.js
View file

@ -4,6 +4,7 @@ import Boards from '/models/boards';
import Lists from '/models/lists';
import Swimlanes from '/models/swimlanes';
import Cards from '/models/cards';
import ReactiveCache from '/imports/reactiveCache';
/**
* Fix duplicate lists and swimlanes created by WeKan 8.10
@ -15,6 +16,10 @@ Meteor.methods({
throw new Meteor.Error('not-authorized');
}
if (!ReactiveCache.getUser(this.userId).isAdmin) {
throw new Meteor.Error('not-authorized', 'Admin required');
}
if (process.env.DEBUG === 'true') {
console.log('Starting duplicate lists fix for all boards...');
}
@ -55,6 +60,11 @@ Meteor.methods({
throw new Meteor.Error('not-authorized');
}
const board = ReactiveCache.getBoard(boardId);
if (!board || !board.hasAdmin(this.userId)) {
throw new Meteor.Error('not-authorized');
}
return fixDuplicateListsForBoard(boardId);
}
});
@ -203,6 +213,10 @@ Meteor.methods({
throw new Meteor.Error('not-authorized');
}
if (!ReactiveCache.getUser(this.userId).isAdmin) {
throw new Meteor.Error('not-authorized', 'Admin required');
}
const allBoards = Boards.find({}).fetch();
const report = [];