Age | Commit message (Collapse) | Author |
|
* Ensure that the form is submitted with a post request
* Replaced several links with forms
Closes #494 (Security Vulnerability)
|
|
|
|
|
|
(Contains some buggy stuff too...)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Any user with the `shiftentry_edit_angeltype_supporter` privilege was
able to sign up any users of the correct angeltype to any shift that
they could sign up themselves because the shift entry controller only
checks for the global privilege an not the fact that the user is indeed
supporter for the angeltype in question.
|
|
|
|
|
|
|
|
# Conflicts:
# includes/controller/angeltypes_controller.php
# includes/pages/admin_groups.php
# includes/pages/user_settings.php
# includes/sys_page.php
# src/Exceptions/Handler.php
# src/Http/Request.php
|
|
|
|
line expected
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|