search

EchoLeague / Echo-League-Website-Testing

A repo to track testing and feedback for the EchoLeague website
2 stars 0 forks source link

User can add arbitrary strings as roles during registration #37

Closed liampwll closed 7 years ago

liampwll commented 7 years ago

User State: Logged In

Environment: Test Server

Version or Branch: 0.15.6

Description: User can add arbitrary strings as roles during registration

Steps to Reproduce:

  1. Intercept POST http://test.echoleague.gg:8081/user/create
  2. Change "roles" to something else, for example "roles":{"pos1":true,"pos2":true,"pos3":true,"pos4":false,"pos9":true,"random":true,"words":true,"in":true,"roles":true}
ammuench commented 7 years ago

Added checks for this in v0.15.12