tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-08-09 02:58:20 +00:00
Code Releases Activity

Fix API leaking Usermail if not logged in (#25097) (#26350)

Browse Source 
Backport #25097

The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
This commit is contained in:
wxiaoguang
2023-08-06 20:11:39 +08:00
committed by GitHub
parent 59354d7135
commit 4fd8ac0653
4 changed files with 24 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
services/convert/user.go
View File

@@ -51,7 +51,7 @@ func toUser(ctx context.Context, user *user_model.User, signed, authed bool) *ap
ID: user.ID,
UserName: user.Name,
FullName: user.FullName,
Email: user.GetEmail(),
Email: user.GetPlaceholderEmail(),
AvatarURL: user.AvatarLink(ctx),
Created: user.CreatedUnix.AsTime(),
Restricted: user.IsRestricted,