-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Fix: Deny users from editing others posts. #48
Security Fix: Deny users from editing others posts. #48
Conversation
Users currently can go to other peoples posts and edit them without any checks if its their post or not, all they have to do is figure out the id for the post and go to /editor/[postId], do their edits and save it. This can be very bad (not so much in this circumstance).
Someone is attempting to deploy a commit to a Personal Account owned by @iamtouha on Vercel. @iamtouha first needs to authorize it. |
You should probably add "Security Fix" as a checkbox |
Double checked this, will look at the linting issues. |
Latest update: |
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
f52d0f3
into
saasykits:fix/deny-other-users-from-edit-post
Description
Users currently can go to other peoples posts and edit them without any checks if its their post or not, all they have to do is figure out the id for the post and go to /editor/[postId], do their edits and save it.
This can be very bad (not so much in this circumstance).
Type of change