danbooru/test/unit/saved_search_test.rb at e3af7383717fc100f6a3e893a5547f94de9525a6

Files

evazion c41e3f4590 saved searches: fix exploit allowing flaggers to be determined.

Fix an exploit that let you determine the flagger of a post using
`flagger:<username>` saved searches. Saved searches were performed as
DanbooruBot, but since DanbooruBot is a moderator, it let unprivileged
users do `flagger:<username>` searches. Saved searches were done as a
moderator to avoid tag limits, but this is no longer necessary since the
last PostQueryBuilder refactor.

fred get out

2021-09-01 00:55:19 -05:00

6.4 KiB

Raw Blame History

View Raw

6.4 KiB Raw Blame History

6.4 KiB

Raw Blame History