Commit c2b792e
(fix): address review findings — 1 HIGH, 0 MEDIUM
Restore strict-equivalence regex in MongoPermissionFilter to match the
hardening applied in main by 6d50ac1 ("Force strict equivalence in mongo
role checks"). The query-lib refactor extracted the three Mongo.php call
sites into this hook but reverted the pattern to the pre-fix form that
matches stored permissions whose role substring contains any of the
caller's roles, enabling a read-side authorization bypass.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>1 parent 15e6aa7 commit c2b792e
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
48 | 48 | | |
49 | 49 | | |
50 | 50 | | |
51 | | - | |
| 51 | + | |
52 | 52 | | |
53 | 53 | | |
54 | 54 | | |
| |||
0 commit comments