you're sending GET request to delete multiple files, this a really bad practice

n1crack / vuefinder

Empower your Vue.js applications with this versatile and customizable file manager component, simplifying file organization and navigation.

https://vuefinder.ozdemir.be

MIT License

259 stars 75 forks source link

Closed jugurtha114 closed 9 months ago

jugurtha114 commented 1 year ago

hello, i noticed that when u delete files ,you send a request like that :

GET	http://0.0.0.0:8000/api/vuefinder/?q=delete&adapter=default&path=default://./stored_uploads&items=[{"path":"./stored_uploads/IMG20230110205302.jpg","type":"file"},{"path":"./stored_uploads/IMG20230110213531.jpg","type":"file"}]

this is a hug security risk, please fellow the convention which is DELETE method