BookStack/app
Dan Brown e765e61854
Addressed user detail harvesting issue
Altered access & usage of the /search/users/select endpoint with the
following changes:
- Removed searching of email address to prevent email detail discovery
  via hunting via search queries.
- Required the user to be logged in and have permission to manage users
  or manage permissions on items in some way.
- Removed the user migration option on user delete unless they have
  permission to manage users.

For #3108
Reported in https://huntr.dev/bounties/135f2d7d-ab0b-4351-99b9-889efac46fca/
Reported by @haxatron
2021-12-14 18:47:22 +00:00
Actions Fixed related permissions query not considering drafts 2021-11-30 00:06:17 +00:00
Api Added API search endpoint 2021-11-14 16:28:01 +00:00
Auth Addressed user detail harvesting issue 2021-12-14 18:47:22 +00:00
Config Added an env configurable file upload size limit 2021-11-14 22:03:22 +00:00
Console Added test for logical-theme-system command registration 2021-11-22 19:03:04 +00:00
Entities Tweaked pdf export iframe replacement to fix compatibility 2021-11-28 21:01:35 +00:00
Exceptions Fixed related permissions query not considering drafts 2021-11-30 00:06:17 +00:00
Facades
Http Addressed user detail harvesting issue 2021-12-14 18:47:22 +00:00
Interfaces Tweaked custom command registration, Added StyleCI fixes 2021-11-22 22:22:31 +00:00
Notifications
Providers
Settings
Theming Updated translators and merged styleci fixes 2021-11-23 20:41:12 +00:00
Traits
Translation
Uploads Applied another round of static analysis updates 2021-11-22 23:33:55 +00:00
Util
Application.php
helpers.php
Model.php Applied latest StyleCI changes 2021-11-06 22:00:33 +00:00