Web Api - Event Summary Api - Bad security practice
Opened this issue · 0 comments
joebeernink commented
The event summary api uses a really bad check to ensure the user is the owner of the event, putting its trust in the data passed by the user. Change this to look up the event and the associated user.