Andy Miller 0c38968c58 Fix email disclosure in user edit page title (GHSA-4cwq-j7jv-qmwg) ...

Security fix for IDOR-style information disclosure where the admin
email address was leaked in the <title> tag even on 403 Forbidden
responses.

The edit view title template previously included the email:
  {{ fullname ?? username }} <{{ email }}>

Now shows only the name/username without email:
  {{ fullname ?? username }}

This prevents low-privilege users from enumerating admin email
addresses by accessing /admin/accounts/users/{username} URLs.

2025-11-29 18:27:08 -07:00

..

assets

fixed for tests

2025-04-01 17:03:42 -06:00

blueprints

Fix email disclosure in user edit page title (GHSA-4cwq-j7jv-qmwg)

2025-11-29 18:27:08 -07:00

config

more improvements for JS minification and now pulls any broken JS out of pipeline

2025-11-27 20:56:07 +00:00

images

Watermark Media Action (#3308)

2021-10-21 06:31:33 -06:00

languages

added configurable snapshot pruning amount

2025-11-14 11:33:07 +00:00

pages

Do not cache 404 [#3025]

2020-10-05 11:16:17 +03:00

src

Merge branch 'fix/GHSA-x62q-p736-3997-GHSA-gq3g-666w-7h85-admin-security' into 1.8

2025-11-29 17:52:03 -07:00

templates

Fixed issue with content-security-policy not being properly supported with http-equiv + support single quotes

2021-02-08 11:45:22 -07:00

defines.php

prepare beta release

2025-11-29 11:02:20 -07:00

install.php

preflight integration for cli

2025-11-14 11:32:58 +00:00

recovery.php

support labels in recovery mode

2025-10-19 21:44:29 -06:00

rector.php

rector casting clarity

2025-09-20 22:49:21 -06:00

router.php

PHP 8.2+ fixes

2025-09-20 22:12:55 -06:00