Skip to content

don't generate the new private_id/url until after the post#59

Open
ekoyle wants to merge 1 commit intoatoponce:masterfrom
ekoyle:generate_url_at_post
Open

don't generate the new private_id/url until after the post#59
ekoyle wants to merge 1 commit intoatoponce:masterfrom
ekoyle:generate_url_at_post

Conversation

@ekoyle
Copy link
Copy Markdown

@ekoyle ekoyle commented Jan 28, 2020

Don't even pass new_url to client, generate it after the post to prevent tampering.

Also fixes #57

@ekoyle ekoyle mentioned this pull request Mar 31, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Note re-creation vulnerability

1 participant

@ekoyle