Mottokrosh
commented
7 years ago Please use https://github.com/Mottokrosh/Sheet/issues to post issues now. Also, please include steps to reproduce (with an example if possible).
Closed ddivecs closed 7 years ago
Mottokrosh
commented
7 years ago Please use https://github.com/Mottokrosh/Sheet/issues to post issues now. Also, please include steps to reproduce (with an example if possible).
Sharing the url for my character sheet gives people a link to a page that allows them to edit my character sheet (bypasing auth). To be clear, the website checks if you are logged in, but once you are logged in, you are allowed to edit ANY sheet you have a link to, not just your own.
This is seems like a security flaw.