Project

General

Profile

Feature #4186

Tvheadend log expose data to non-admin users

Added by Anonymous over 5 years ago. Updated over 5 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
User Interface
Target version:
Start date:
2017-01-16
Due date:
% Done:

100%

Estimated time:

Description

Steps for issue re-creation when logged in as admin:

1. Create non-admin user
2. Allow "Web interface" feature for non-admin user
3. Log in to web interface as non-admin user and go to Tvheadend log
4. Observe that all activity and data (IP, Usernames, Mux names..) of admin or any other user is exposed to non-admin user in Tvheadend log!

Tvheadend log should not show and should not be allowed/enabled/visible for non-admin users.

History

#1

Updated by Anonymous over 5 years ago

You can close this ticket now. I can see this has been already fixed, because all is OK in HTS Tvheadend 4.1-2477~g019c946~xenial and no sensitive information are exposed to non-admin users. Good work!

#2

Updated by Jaroslav Kysela over 5 years ago

  • Target version set to 4.2
#3

Updated by Jaroslav Kysela over 5 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset commit:tvheadend|54e63e3f9af8fdc0d23f61f3cda7fa7b246c1732.

Also available in: Atom PDF