Stafett-for-livet/web
Archived
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Add warning for privilege escalation exploit

Browse Source
This commit is contained in:
William 2022-04-05 20:03:12 +00:00
parent 6f550c850c
commit 32692782fb
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
app/lib/App/Core/AccessControl.php
View File

@ -19,11 +19,18 @@ class AccessControl
{ {
$this->app = $app; $this->app = $app;
/**
* WARNING WARNING WARNING:
*
* Never use an asterisk without putting anything before it like this "*".
* An attacker could leverage this by putting a forward slash behind a
* protected page like this "protected-page.php/pwned!" to gain access.
*/
$this->acl = [ $this->acl = [
// routes that need power level 1 and up // routes that need power level 1 and up
[ [
"routes" => [ "routes" => [
"race/simulator.php", "race/simulator.php*",
"race/configure/*" "race/configure/*"
], ],
"catcher" => [ "catcher" => [