search

craftcms / feed-me

Craft CMS plugin for importing entry data from XML, RSS or ATOM feeds—routine task or on-demand.
Other
288 stars 139 forks source link

Duplicating a feed does not change the passkey on the new feed created #1526

Open jamesmacwhite opened 4 hours ago

jamesmacwhite commented 4 hours ago

Description

When duplicating a feed the passkey is copied from the existing feed. Depending on how you view the use/purpose of the passkey, it is technically there to provide an extra layer of security in addition to just being able to pass a feed ID from a web request to a trigger a feed import. Having it not changed from an existing feed could be seen as potentially a security issue if you have a passkey for another feed and just increment the ID to try and guess or enumerate.

Not a bug technically but perhaps something that can be reviewed?

Steps to reproduce

  1. Duplicate an existing Feed Me feed
  2. The passkey value provided will be the same from the original feed

Additional info

jamesmacwhite commented 4 hours ago

As the field helper references it as a unique string, the duplication action contradicts that. Image