Browse Source
Only the admin user (sudo) is allowed to send notifications to other users. The normal users can only send notifications to themselves. This is to prevent attackers to craft malicious notifications and send them to other users using RPC. Correction based on the idea of @hbrunnpull/1073/head
Guewen Baconnier
6 years ago
2 changed files with 17 additions and 1 deletions
Loading…
Reference in new issue