dunkirk.sh / thistle
đŸĒģ distributed transcription service thistle.dunkirk.sh
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

feat: add input validation on admin endpoints #17

open opened by dunkirk.sh

Examples:#

  • /api/classes/:id/archive - Doesn't verify class exists before toggling
  • /api/meetings/:id PUT - No validation that meeting belongs to admin-accessible class
  • /api/transcripts/:id/select - Doesn't validate transcription status

Fix Time#

~1 hour

Recommendation#

Add existence and ownership validation

From LAUNCH_REVIEW.md Issue #28

sign up or login to add to the discussion
Labels

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:plc:krxbvxvis5skq7jj6eot23ul/sh.tangled.repo.issue/3m6d4dyhiih2a