search for: publicstats_raw_request

Good morning, On Sun, 2024-01-21 at 10:39 +0000, TDAS wrote: > Can anyone tell me why?/admin/publicstats?is unprotected? And how I > go about changing that!? > > I don?t understand why it would be accessible by anyone without > authenticating when it is under?/admin/??? The endpoint is meant to be a replacement for /status-json.xsl which it deprecates. The admin/-namespace is

...here any examples, as I need to get it turned off pretty quickly. Also, as there is no ?publicstats? in the admin dir, I?m guessing it is aliased somewhere. A grep finds: src/acl.c: acl_set_admin_str(ret, ACL_POLICY_ALLOW, "buildm3u,publicstats,publicstats.json"); src/admin.c:#define PUBLICSTATS_RAW_REQUEST "publicstats" src/admin.c:#define PUBLICSTATS_JSON_REQUEST "publicstats.json" src/admin.c: { PUBLICSTATS_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_public_stats, NULL}, src/admin.c: { PUB...