Address security vulnerability that allows unauthenticated users to view server overview pages.

Dane Everitt
2017-02-05 19:53:40 -05:00
parent ba1f71d1b6
commit 4a320c29a8
2 changed files with 8 additions and 2 deletions


@@ -172,8 +172,9 @@ class Server extends Model
$query = self::select('servers.*', 'services.file as a_serviceFile')
->join('services', 'services.id', '=', 'servers.service')
->where('uuidShort', $uuid)
->orWhere('uuid', $uuid);
->where(function ($q) use ($uuid) {
$q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
});
if (self::$user->root_admin !== 1) {
$query->whereIn('servers.id', Subuser::accessServers());