Nemcio/Grav
1
0
Fork 0
mirror of https://github.com/getgrav/grav.git synced 2026-03-02 02:21:29 +01:00
Code Issues Packages Projects Releases Activity
Files
db852f3a47e7745839aa255a02d1ca050bae777c
Grav/system/blueprints/flex
History
Andy Miller 0c38968c58 Fix email disclosure in user edit page title (GHSA-4cwq-j7jv-qmwg) 
Security fix for IDOR-style information disclosure where the admin
email address was leaked in the <title> tag even on 403 Forbidden
responses.

The edit view title template previously included the email:
  {{ fullname ?? username }} <{{ email }}>

Now shows only the name/username without email:
  {{ fullname ?? username }}

This prevents low-privilege users from enumerating admin email
addresses by accessing /admin/accounts/users/{username} URLs.
2025-11-29 18:27:08 -07:00
..
configure
Fixed missing onAdminSave and onAdminAfterSave events when using Flex Pages and Flex Users
2020-07-01 14:20:14 +03:00
shared
Flex Directory: Implemented customizable configuration
2020-02-06 16:53:54 +02:00
accounts.yaml
Added support for case sensitive usernames
2020-06-02 11:57:55 +03:00
pages.yaml
Update pages.yaml
2021-12-16 11:16:58 +02:00
user-accounts.yaml
Fix email disclosure in user edit page title (GHSA-4cwq-j7jv-qmwg)
2025-11-29 18:27:08 -07:00
user-groups.yaml
Fixed groups filter not matching against readableName [getgrav/grav-plugin-admin#2224]
2022-02-07 10:30:25 +02:00