Johnny authored
Security fixes for multiple authorization bypass vulnerabilities:

- GetAttachment: Add visibility check via checkAttachmentAccess helper
- UpdateAttachment: Add ownership check (creator or admin only)
- Fileserver: Require creator/admin auth for unlinked attachments
- ListMemoAttachments: Add memo visibility check
- CreateMemoComment: Add memo visibility check for target memo
- ListMemoReactions: Add memo visibility check
- UpsertMemoReaction: Add memo visibility check

All checks follow the existing pattern used in GetMemo for consistency.
c7b48b80
| Name | Last commit | Last update |
|---|---|---|
| .github | ||
| cmd/memos | ||
| internal | ||
| plugin | ||
| proto | ||
| scripts | ||
| server | ||
| store | ||
| web | ||
| .dockerignore | ||
| .gitignore | ||
| .golangci.yaml | ||
| AGENTS.md | ||
| CODEOWNERS | ||
| LICENSE | ||
| README.md | ||
| SECURITY.md | ||
| go.mod | ||
| go.sum |