rodrigo/iachat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
86da3f7c06
iachat/app/controllers/api
History
Pranav 86da3f7c06
fix: Remove account_id from params since it is not used (#13116) 
account_id was permitted in strong parameters, allowing authenticated
admins to transfer resources (Portals, Automation Rules, Macros) to
arbitrary accounts.

 Fix: Removed account_id from permitted params in 4 controllers:
  - portals_controller.rb
  - automation_rules_controller.rb
  - macros_controller.rb
  - twilio_channels_controller.rb
2025-12-19 17:07:53 -08:00
..
v1 fix: Remove account_id from params since it is not used (#13116) 2025-12-19 17:07:53 -08:00
v2 feat(ce): Add Year in review feature (#13078) 2025-12-15 17:24:45 -08:00
base_controller.rb chore: Ensure privilege validations for API endpoints (#2224) 2021-06-11 11:44:31 +05:30