sonot
/
PteroTheme
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Addresses security flaw allowing unauthenticated access to server overview.

This commit is contained in:
Dane Everitt 2017-02-05 19:59:16 -05:00
parent 02458c909d
commit 0d61417814
No known key found for this signature in database
GPG Key ID: EEA66103B3D71F53
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/Models/Server.php
View File

@ -113,7 +113,9 @@ class Server extends Model
*/ */
public static function byUuid($uuid) public static function byUuid($uuid)
{ {
$query = self::with('service', 'node')->where('uuidShort', $uuid)->orWhere('uuid', $uuid); $query = self::with('service', 'node')->where(function ($q) use ($uuid) {
$q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
});
if (! Auth::user()->isRootAdmin()) { if (! Auth::user()->isRootAdmin()) {
$query->whereIn('id', Auth::user()->serverAccessArray()); $query->whereIn('id', Auth::user()->serverAccessArray());