start fixing the password in scope potential corner case security issue
4
app.js
4
app.js
@ -196,7 +196,9 @@ app.use(helmet.contentSecurityPolicy({
|
|||||||
|
|
||||||
app.use(function (req, res, next) {
|
app.use(function (req, res, next) {
|
||||||
// Make user object available in templates.
|
// Make user object available in templates.
|
||||||
res.locals.user = req.user;
|
fullUser = req.user;
|
||||||
|
delete fullUser.password;
|
||||||
|
res.locals.user = fullUser;
|
||||||
next();
|
next();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
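Review bot: `fullUser = req.user;` in the new middleware body is assigned without `var`, so it is an implicit global shared by every in-flight request, and it only aliases `req.user`, so `delete fullUser.password` mutates the object that later handlers read. When nobody is logged in, `req.user` is presumably undefined (the profile template in this commit guards with `if (user && ...)`), and the `delete` line would then throw a TypeError on every anonymous request. If `req.user` is a Mongoose document (not visible on this page), `delete` may also leave the stored hash reachable, so the fix needs a test that renders `user` and checks the field is gone. I would copy the user into a local, strip the field from the copy and guard the missing-user case, as below. An allow-list of the fields the templates need would be stricter still, because any other sensitive field on the user object still reaches `res.locals`.

```javascript
app.use(function (req, res, next) {
  // Make a password-free copy of the user available in templates.
  var safeUser = req.user;
  if (safeUser) {
    // Copy first so the delete never touches the object other handlers use.
    // toObject() applies only if req.user is a Mongoose document (confirm).
    safeUser = typeof safeUser.toObject === 'function'
      ? safeUser.toObject()
      : Object.assign({}, safeUser);
    delete safeUser.password;
  }
  res.locals.user = safeUser;
  next();
});
```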
@ -159,7 +159,6 @@ exports.returnIndividualStory = function(req, res, next) {
|
|||||||
upVotes: story.upVotes,
|
upVotes: story.upVotes,
|
||||||
comments: story.comments,
|
comments: story.comments,
|
||||||
id: story._id,
|
id: story._id,
|
||||||
user: req.user || null,
|
|
||||||
timeAgo: moment(story.timePosted).fromNow(),
|
timeAgo: moment(story.timePosted).fromNow(),
|
||||||
image: story.image,
|
image: story.image,
|
||||||
page: 'show',
|
page: 'show',
|
||||||
|
@ -8,7 +8,7 @@ block content
|
|||||||
if (user && user.profile.username === username)
|
if (user && user.profile.username === username)
|
||||||
.col-xs-12
|
.col-xs-12
|
||||||
.text-center
|
.text-center
|
||||||
a.btn.btn-big.btn-primary(href="/account") Update my public portfolio
|
a.btn.btn-big.btn-primary(href="/account") Update my public portfolio or manage my account
|
||||||
br
|
br
|
||||||
.row
|
.row
|
||||||
.col-xs-12
|
.col-xs-12
|
||||||
|