When a user has no permission to see the page history, he still knows about older entries from the global history pages, which can be a metadata leak. They should not be there
Search must also consider permissions such as can_read etc.
1. When a user has no permission to see the page history, he still knows about older entries from the global history pages, which can be a metadata leak. They should not be there
2. Search must also consider permissions such as can_read etc.
crtxcr
于 2020-09-21 22:08:37 +02:00 修改标题 Permissions not or improperly checked in some contexts 为 Permissions not or only improperly checked in some contexts
When a user has no permission to see the page history, he still knows about older entries from the global history pages, which can be a metadata leak. They should not be there
Search must also consider permissions such as can_read etc.
Permissions not or improperly checked in some contexts为 Permissions not or only improperly checked in some contexts