Incorrect access control settings for wiki pages

games647 / FastLogin

Checks if a minecraft player has a valid paid account. If so, they can skip offline authentication automatically. (premium auto login)

https://www.spigotmc.org/resources/fastlogin.14153

MIT License

492 stars 120 forks source link

Incorrect access control settings for wiki pages #1138

Closed nartsisss closed 7 months ago

nartsisss commented 7 months ago

Current settings for wiki pages in the repository allows any user without collaborator status to edit, create, or delete pages:

This poses a security risk as random user may modify general information contained in the wiki pages. You should fix it in Settings > General > Features

games647 commented 7 months ago

It is open on purpose to edit the language files.

nartsisss commented 7 months ago

Thanks for the quick reply.

Unfortunately, you can't restrict editing of certain wiki pages, at some point there will be someone who will abuse it.

Maybe you should move this from the wiki pages to a separate (for example "locales") directory with a locale file for each language?