fix: #11906, userData.sso — don't serve deauthUrl or non-associated url if caller uid is not same as target uid

isekai-main
Julian Lam 1 year ago
parent 49bdb455eb
commit 19e047e2d3

@ -104,7 +104,16 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
canViewInfo: canViewInfo, canViewInfo: canViewInfo,
}); });
userData.sso = results.sso.associations; userData.sso = results.sso.associations.map((association) => {
if (!isSelf) {
delete association.deauthUrl;
if (!association.associated) {
delete association.url;
}
}
return association;
});
userData.banned = Boolean(userData.banned); userData.banned = Boolean(userData.banned);
userData.muted = parseInt(userData.mutedUntil, 10) > Date.now(); userData.muted = parseInt(userData.mutedUntil, 10) > Date.now();
userData.website = escape(userData.website); userData.website = escape(userData.website);
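Review bot: The new `.map()` callback strips fields with `delete` on the association object itself and returns that same object, so the entries of `results.sso.associations` are modified in place. Where that array is built is not visible in this hunk; if its producer reuses those objects across requests, a request from another user could remove `deauthUrl` and `url` from what the account owner sees later. Working on a shallow copy avoids this: start the callback with `const copy = { ...association };`, then delete from and return `copy`. The filter is also a deny-list of two keys, so any other field on an association still reaches non-owners, and an explicit list of fields to expose would fail closed. `isSelf` and the rest of `getUserDataByUserSlug` are defined outside the hunk.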
