Skip to content

Commit

Permalink
fix information leak in private lists of patrons
Browse files Browse the repository at this point in the history
  • Loading branch information
Changaco committed Dec 15, 2023
1 parent cf4bf53 commit 09e0dff
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions www/%username/patrons/export.spt
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ if scope == 'active':
ORDER BY pt.ctime
LIMIT 1
) AS first_payment_date
, tipper_p.avatar_url AS patron_avatar_url
, (CASE WHEN tip.visibility > 1 THEN tipper_p.avatar_url ELSE '' END) AS patron_avatar_url
FROM current_tips tip
JOIN participants tipper_p ON tipper_p.id = tip.tipper
WHERE tip.tippee = %s
Expand Down Expand Up @@ -87,7 +87,7 @@ elif scope == 'all':
AND coalesce(pt.team, pt.recipient) = tip.tippee
AND pt.status = 'succeeded'
) AS sum_received
, tipper_p.avatar_url AS patron_avatar_url
, (CASE WHEN tip.visibility > 1 THEN tipper_p.avatar_url ELSE '' END) AS patron_avatar_url
FROM current_tips tip
JOIN participants tipper_p ON tipper_p.id = tip.tipper
WHERE tip.tippee = %s
Expand Down

0 comments on commit 09e0dff

Please sign in to comment.