Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-30 05:05:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Security Fix 1: IDOR in setCreateTranslation. Non-admin could change Custom Translation.

Browse source 
Thanks to Joshua Rogers of joshua.hu, Twitter MegaManSec.
This commit is contained in:
Lauri Ojansivu 2025-12-29 16:20:17 +02:00
parent 48e856fca2
commit f244a43771
2 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
client/components/settings/translationBody.js
View file

@ -208,7 +208,7 @@ Template.newTranslationPopup.events({
Template.settingsTranslationPopup.events({
'click #deleteButton'(event) {
event.preventDefault();
Translation.remove(this.translationId);
Meteor.call('deleteTranslation', this.translationId);
Popup.back();
}
});