cf93d1da50
while this is something that only the user that made the request will see, and for most people the possibility of "hacking" themselves is rather redundant, it is still not nice to have this possible in general; as even if it's highly unlikely that there ever can be an error triggered to another user via API2 request handling, hardening against it is simply to cheap to not do it. Reported-by: Marcel Fromkorth <marcel.fromkorth@8com.de> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> |
||
|---|---|---|
| debian | ||
| src | ||
| .gitignore | ||
| Makefile | ||