Merge pull request #1921 from ether/dont-pass-padid-in-historical-authors
Dont pass padid in historical authors
This commit is contained in:
commit
7f42f70732
|
@ -1016,6 +1016,10 @@ function handleClientReady(client, message)
|
|||
// Warning: never ever send padIds.padId to the client. If the
|
||||
// client is read only you would open a security hole 1 swedish
|
||||
// mile wide...
|
||||
// Heh, turns out we already did when we sent historicalAuthorData so
|
||||
// if it's a readonly pad request don't send the pad IDs of the author
|
||||
if(sessioninfos[client.id].readonly) historicalAuthorData = {};
|
||||
|
||||
var clientVars = {
|
||||
"accountPrivs": {
|
||||
"maxRevisions": 100
|
||||
|
|
Loading…
Reference in New Issue