• Helmut Hummel's avatar
    [SECURITY] Fix unauthorized SOAP access · 0ecc7fc6
    Helmut Hummel authored
    By having an inverted condition, attackers
    could upload arbitrary extensions by only knowing
    the username and the extension key.
    When knowing a username of a TER admin,
    it was also possible to perform TER admin
    commands (like deleting extensions) via SOAP