FreshRSS icon indicating copy to clipboard operation
FreshRSS copied to clipboard

Published 20 hours ago verified publisher icon FreshRSS

Move user-specific ext.php into normal FreshRSS controller

Open Alkarex opened this issue 2 years ago • 0 comments
trafficstars

ext.php should be limited to files not requiring login. We need to move user-specific functionality to a normal controller to check that we are serving a file from the proper user.

Security regression from https://github.com/FreshRSS/FreshRSS/issues/3433 Partial fix https://github.com/FreshRSS/FreshRSS/pull/4928

Alkarex avatar Dec 08 '22 09:12 Alkarex