I have tested it in 1.6.13 too.
Yeah, me too...
2. If you think that you've found a security issue, it's irresponsible to post it in the wild without trying to contact developers privately.
OK, sorry about that, but I had some considerations when I posted it:
- I don't see it as a security issue. I think the developers allowed it on purpose because of some other functions.
- I don't think that a common user comes here.
Well, as I've wrote, we'll evaluate the cause of the issue and whether it is a vulnerability, or a bug. Actually, it was you who called this feature potentially dangerous.
As of your second note, they do. At the same time, security issues are interesting to shady persons, not to a common users.
If you think it's safer, please, feel free to edit my post above. You could leave only the bold text.
I'm afraid, it's too late. What goes on the Internet stays on the Internet.