Tvheadend log expose data to non-admin users
Steps for issue re-creation when logged in as admin:
1. Create non-admin user
2. Allow "Web interface" feature for non-admin user
3. Log in to web interface as non-admin user and go to Tvheadend log
4. Observe that all activity and data (IP, Usernames, Mux names..) of admin or any other user is exposed to non-admin user in Tvheadend log!
Tvheadend log should not show and should not be allowed/enabled/visible for non-admin users.
comet: allow to watch the logs only with the administrator priviledges, fixes #4186
#3 Updated by Jaroslav Kysela 2 months ago
- Status changed from New to Fixed
- % Done changed from 0 to 100
Applied in changeset tvheadend|54e63e3f9af8fdc0d23f61f3cda7fa7b246c1732.