Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevents activity from being deleted by users who don't own that activity #8992

Merged
merged 1 commit into from
Jun 3, 2021
Merged

Prevents activity from being deleted by users who don't own that activity #8992

merged 1 commit into from
Jun 3, 2021

Conversation

gdixon
Copy link
Contributor

@gdixon gdixon commented Jun 3, 2021

Description

This PR fixes a security vulnerability where by any user can delete activity from any other users profile

Refers/Fixes

refers: email string

Testing

Written by @owocki, verified by @thelostone-mc & myself

@gdixon gdixon merged commit 3d0de86 into stable Jun 3, 2021
thelostone-mc pushed a commit that referenced this pull request Jun 7, 2021
@gdixon @owocki
fix: POAP - Ensures that all tokens are considered and not just the t…
414bc15 
…oken with the lowest ID (#8994)

* permissions on activity (#8992)

Co-authored-by: owocki <[email protected]>

* Ensures that all tokens are considered and not just the token with the lowest id

Co-authored-by: owocki <[email protected]>
thelostone-mc pushed a commit that referenced this pull request Jun 8, 2021
@owocki @gdixon
Refills deadbeat quests with freshie kudos (#9004)
014682e 
* permissions on activity

* permissions on activity (#8992)

Co-authored-by: owocki <[email protected]>

* auto-restore of deadbeat quests

Co-authored-by: Graham Dixon <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chibie chibie Awaiting requested review from chibie

@frankchen07 frankchen07 Awaiting requested review from frankchen07

@octavioamu octavioamu Awaiting requested review from octavioamu

@PixelantDesign PixelantDesign Awaiting requested review from PixelantDesign

@thelostone-mc thelostone-mc Awaiting requested review from thelostone-mc thelostone-mc is a code owner

@zlsgh zlsgh Awaiting requested review from zlsgh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gdixon @owocki