Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 02:55:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #11906, userData.sso — don't serve deauthUrl or non-associated url if caller uid is not same as target uid

Browse Source
This commit is contained in:
Julian Lam
2023-08-17 17:18:30 -04:00
parent 49bdb455eb
commit 19e047e2d3
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/controllers/accounts/helpers.js
View File

@@ -104,7 +104,16 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
canViewInfo: canViewInfo, canViewInfo: canViewInfo,
}); });
userData.sso = results.sso.associations; userData.sso = results.sso.associations.map((association) => {
if (!isSelf) {
delete association.deauthUrl;
if (!association.associated) {
delete association.url;
}
}
return association;
});
userData.banned = Boolean(userData.banned); userData.banned = Boolean(userData.banned);
userData.muted = parseInt(userData.mutedUntil, 10) > Date.now(); userData.muted = parseInt(userData.mutedUntil, 10) > Date.now();
userData.website = escape(userData.website); userData.website = escape(userData.website);