Security Fix: IDOR CWE-639 that affected WeKan 7.80-7.93.

Thanks to apitech.fr and xet7!
This commit is contained in:
Lauri Ojansivu 2025-10-10 21:59:04 +03:00
parent 0c080830bc
commit b87cff1289
3 changed files with 87 additions and 40 deletions


@ -241,8 +241,21 @@ Template.editProfilePopup.events({
},
'click #deleteButton': Popup.afterConfirm('userDelete', function() {
Popup.back();
Users.remove(Meteor.userId());
AccountsTemplates.logout();
// Use secure server method for self-deletion
Meteor.call('removeUser', Meteor.userId(), (error, result) => {
if (error) {
if (process.env.DEBUG === 'true') {
console.error('Error removing user:', error);
}
alert('Error deleting account: ' + error.reason);
} else {
if (process.env.DEBUG === 'true') {
console.log('User deleted successfully:', result);
}
AccountsTemplates.logout();
}
});
}),
});
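Review bot: The self-deletion path still sends the target id from the client in `Meteor.call('removeUser', Meteor.userId(), …)`, so whether the IDOR is actually closed depends entirely on the server-side `removeUser` method, which lives in one of the other changed files and is not visible in this hunk; that method must bind the deleted account to `this.userId` (or require an admin for any other id) rather than trusting the argument, otherwise the parameter reintroduces the same CWE-639 exposure the removed `Users.remove(Meteor.userId())` had. A one-line comment at the call site would make that contract explicit for the next maintainer, e.g. `// Server-side 'removeUser' must check the id against this.userId (or admin role); the argument alone is not trusted.`. Separately, `error.reason` is only populated for `Meteor.Error` rejections, so the alert can read "undefined" for other failures; consider `alert(\`Error deleting account: ${error.reason ?? error.message}\`);`. The `Template.editProfilePopup.events` object this handler belongs to starts before the hunk.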