references/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-06-14 03:30:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
9a3eea64489df6dd2f48d4734a700de08dee0f13
open-webui/backend
T
History
Classic298 9a3eea6448 fix: bind prompt history/version ops to the authorized prompt (#25056) 
The history diff, delete, and version-restore routes authorize the URL
prompt_id but then act on a caller-supplied history/version id without
checking it belongs to that prompt (IDOR). Filter by prompt_id in
compute_diff and delete_history_entry, and reject a cross-prompt version_id
in update_prompt_version.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-01 12:07:52 -07:00
..
data
open_webui
fix: bind prompt history/version ops to the authorized prompt (#25056)
2026-06-01 12:07:52 -07:00
.dockerignore
.gitignore
dev.sh
refac
2026-03-24 19:43:30 -05:00
requirements-min.txt
refac
2026-04-24 18:20:10 +09:00
requirements.txt
refactor(firecrawl): use v2 API directly (#23934)
2026-04-24 18:32:08 +09:00
start_windows.bat
refac
2026-04-24 15:40:02 +09:00
start.sh
fix: default optional env vars used with bash ,, in start.sh (#24683)
2026-05-15 09:29:25 +09:00