From a8ec6a4a9c146397d3fa5f25a108dff322e46276 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 26 Feb 2018 15:40:19 -0500
Subject: [PATCH] patching accidental leakage of full path of uploaded file
 when uploading pictures or attachments

---
 src/controllers/uploads.js | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/controllers/uploads.js b/src/controllers/uploads.js
index e7e77c4a4f..b14d878230 100644
--- a/src/controllers/uploads.js
+++ b/src/controllers/uploads.js
@@ -73,7 +73,14 @@ function uploadAsImage(req, uploadedFile, callback) {
 
 			resizeImage(fileObj, next);
 		},
-	], callback);
+	], function (err, fileObj) {
+		if (err) {
+			return callback(err);
+		}
+
+		delete fileObj.path;
+		callback(null, fileObj);
+	});
 }
 
 function uploadAsFile(req, uploadedFile, callback) {
@@ -90,7 +97,14 @@ function uploadAsFile(req, uploadedFile, callback) {
 			}
 			uploadsController.uploadFile(req.uid, uploadedFile, next);
 		},
-	], callback);
+	], function (err, fileObj) {
+		if (err) {
+			return callback(err);
+		}
+
+		delete fileObj.path;
+		callback(null, fileObj);
+	});
 }
 
 function resizeImage(fileObj, callback) {