while this is something that only the user that made the request will
see, and for most people the possibility of "hacking" themselves is
rather redundant, it is still not nice to have this possible in
general; as even if it's highly unlikely that there ever can be an
error triggered to another user via API2 request handling, hardening
against it is simply to cheap to not do it.
Reported-by: Marcel Fromkorth <marcel.fromkorth@8com.de> Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
projects / proxmox-widget-toolkit.git / commit