Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Fix: Deny users from editing others posts. #48

Merged

Conversation

Fr3akyMurk
Copy link
Contributor

Description

Users currently can go to other peoples posts and edit them without any checks if its their post or not, all they have to do is figure out the id for the post and go to /editor/[postId], do their edits and save it.

This can be very bad (not so much in this circumstance).

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update
  • This change requires installing new dependencies
  • Security fix.

Users currently can go to other peoples posts and edit them without any checks if its their post or not, all they have to do is figure out the id for the post and go to /editor/[postId], do their edits and save it.

This can be very bad (not so much in this circumstance).
Copy link

vercel bot commented Feb 27, 2024

Someone is attempting to deploy a commit to a Personal Account owned by @iamtouha on Vercel.

@iamtouha first needs to authorize it.

@Fr3akyMurk Fr3akyMurk changed the title Patch 4 Security Fix: Deny users from editing others posts. Feb 27, 2024
@Fr3akyMurk
Copy link
Contributor Author

You should probably add "Security Fix" as a checkbox

@Fr3akyMurk
Copy link
Contributor Author

Double checked this, will look at the linting issues.

@Fr3akyMurk
Copy link
Contributor Author

Latest update:
Removed un-neccecary code (forgot that the app already check if you're logged in before even showing you the post)
Added the toast to tell you that the post has been saved.

Copy link

vercel bot commented Feb 28, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
t3-lucia-starter ✅ Ready (Inspect) Visit Preview 💬 Add feedback Feb 28, 2024 7:09am

@iamtouha iamtouha changed the base branch from main to fix/deny-other-users-from-edit-post March 10, 2024 17:11
@iamtouha iamtouha merged commit f52d0f3 into saasykits:fix/deny-other-users-from-edit-post Mar 10, 2024
2 of 3 checks passed
@Fr3akyMurk Fr3akyMurk deleted the patch-4 branch March 10, 2024 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants