Closed twalen closed 11 months ago
- the user name is replaced with user_id
https://github.com/sio2project/oioioi/pull/257/commits/99478ec4b352befd5c227524729689e6dc3828ce from https://github.com/sio2project/oioioi/pull/257 should fix this.
- the user name is replaced with user_id
99478ec from #257 should fix this.
I was also thinking about such solution, but I was not sure if this approach could lead to data leakage (like enumerating ids to get user logins).
- the user name is replaced with user_id
99478ec from #257 should fix this.
I was also thinking about such solution, but I was not sure if this approach could lead to data leakage (like enumerating ids to get user logins).
I'm taking this back. Actually lookup based on int-type is not a security issue. For malicious POST the user field will be reported as "str".
Currently in the Change Teacher form:
Expected behaviour: