-
Helmut Hummel authored
By having an inverted condition, attackers could upload arbitrary extensions by only knowing the username and the extension key. When knowing a username of a TER admin, it was also possible to perform TER admin commands (like deleting extensions) via SOAP
0ecc7fc6