sourcehut
/
man.sr.ht
mirror of https://git.sr.ht/~sircmpwn/man.sr.ht
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Do not disclose existence of private resources 

When a user attempts to view a wiki that they do not have access to, the
error code should not disclose that this resource does in fact exist.
This commit is contained in:
Conrad Hoffmann 2022-11-08 11:27:23 +01:00 committed by Drew DeVault
parent 8de82b919c
commit 62e8f477ac
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mansrht/access.py
View File

@ -77,5 +77,5 @@ def check_access(owner_name, wiki_name, access):
abort(404)
a = get_access(wiki, owner)
if not access in a:
abort(403)
abort(404)
return owner, wiki