DSGVO export uses query parameter for password instead of request body #164

New Issue

2026-04-10T16:03:49+02:00

shahondin1624 commented

2026-04-10 16:03:49 +02:00

Severity: HIGH

Location

lib/Controller/DsgvoController.php:64

Description

The DSGVO export endpoint reads the encryption password via $this->request->getParam('password') which can come from query string. Passwords in query strings are logged in server access logs, browser history, and proxy logs.

Recommendation

Read password exclusively from the POST body via getRequestData()['password'].

## Severity: HIGH ## Location `lib/Controller/DsgvoController.php:64` ## Description The DSGVO export endpoint reads the encryption password via `$this->request->getParam('password')` which can come from query string. Passwords in query strings are logged in server access logs, browser history, and proxy logs. ## Recommendation Read password exclusively from the POST body via `getRequestData()['password']`.

shahondin1624 added the backend security priority:high labels 2026-04-10 16:03:49 +02:00

shahondin1624 referenced this issue from a commit

2026-04-10 16:14:20 +02:00

fix: read DSGVO export password from POST body only (Closes #164)

shahondin1624 referenced a pull request that will close this issue

2026-04-10 16:14:27 +02:00

fix: read DSGVO export password from POST body only (Closes #164) #177

shahondin1624 closed this issue

2026-04-10 16:14:32 +02:00

shahondin1624 referenced this issue from a commit

2026-04-10 16:14:34 +02:00

fix: read DSGVO export password from POST body only (Closes #164) (#177)