rDrama/files
Snakes 12d7cfaa6c
Verify admin level before editing others' posts.
Yes, it has been possible for any user to edit any post on the site,
their own or otherwise. Only have to generate the POST /edit_post/
manually: an example exploit was created and tested successfully
prior to patching. However, abuse of this vulnerability would have
generated edit_post modlog entries, the lack of which on prod suggests
it was not abused that we know of -- Lord knows how.
2022-08-11 20:12:35 -04:00
assets sneed 2022-08-12 00:00:02 +00:00
classes site_preview change for rdrama 2022-08-12 00:56:33 +02:00
helpers murder deuxrama.net 2022-08-11 18:46:11 +02:00
mail make some function names shorter 2022-08-11 06:05:23 +02:00
routes Verify admin level before editing others' posts. 2022-08-11 20:12:35 -04:00
templates site_preview change for rdrama 2022-08-12 00:56:33 +02:00
tests vdffsd 2022-05-23 00:45:04 +02:00
__init__.py Revert "delete useless file" 2022-06-10 21:50:09 -04:00
__main__.py Turn login-gate of 1568ec0162 into admin toggle. 2022-08-05 16:42:22 -04:00
cli.py Fix cli.py running in wrong working directory. 2022-06-19 05:28:07 -04:00