mirror of
https://github.com/wekan/wekan.git
synced 2026-01-23 17:56:09 +01:00
Security Fix 10: BoardTitleRESTBleed.
Thanks to [Joshua Rogers](https://joshua.hu) of [Aisle Research](https://aisle.com) and xet7.
This commit is contained in:
Lauri Ojansivu
parent
8c0b4f79d8
commit
545566f566
1 changed files with 1 additions and 1 deletions
|
|
@ -2433,8 +2433,8 @@ if (Meteor.isServer) {
|
|||
*/
|
||||
JsonRoutes.add('PUT', '/api/boards/:boardId/title', function(req, res) {
|
||||
try {
|
||||
Authentication.checkUserId(req.userId);
|
||||
const boardId = req.params.boardId;
|
||||
Authentication.checkBoardWriteAccess(req.userId, boardId);
|
||||
const title = req.body.title;
|
||||
|
||||
Boards.direct.update({ _id: boardId }, { $set: { title } });
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue