search

emfcamp / Website

The Electromagnetic Field web site
http://www.emfcamp.org
GNU Affero General Public License v3.0
41 stars 84 forks source link

api.schedule: abort early in _require_video_api_key if key is missing/empty in config #1775

Closed Kunsi closed 2 months ago

Kunsi commented 2 months ago

If we don't have that, the code will happily compare "" against "", which is true, leading to an authentication bypass vulnerability.