Web Api - Event Summary Api - Bad security practice

Question

Web Api - Event Summary Api - Bad security practice

Opened this issue 4 months ago · 0 comments

The event summary api uses a really bad check to ensure the user is the owner of the event, putting its trust in the data passed by the user. Change this to look up the event and the associated user.