happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
memos/server/router
History
Johnny c7b48b800f fix: add access control checks for attachments, comments, and reactions 
Security fixes for multiple authorization bypass vulnerabilities:

- GetAttachment: Add visibility check via checkAttachmentAccess helper
- UpdateAttachment: Add ownership check (creator or admin only)
- Fileserver: Require creator/admin auth for unlinked attachments
- ListMemoAttachments: Add memo visibility check
- CreateMemoComment: Add memo visibility check for target memo
- ListMemoReactions: Add memo visibility check
- UpsertMemoReaction: Add memo visibility check

All checks follow the existing pattern used in GetMemo for consistency.
 		2026-01-31 23:02:30 +08:00
..
api/v1 fix: add access control checks for attachments, comments, and reactions 2026-01-31 23:02:30 +08:00
fileserver fix: add access control checks for attachments, comments, and reactions 2026-01-31 23:02:30 +08:00
frontend chore: prevent sensitive data caching 2025-12-20 12:33:16 +08:00
rss refactor: simplify theme/locale to user preferences and improve initialization 2025-12-02 09:08:46 +08:00