Fixed a security issue on share pages

2025-12-12 23:45:57 +00:00 · 2016-08-09 12:53:47 -04:00
parent 388ae933f8
commit 73e561beba
1 changed files with 6 additions and 2 deletions
--- a/server.js
+++ b/server.js
@@ -47,7 +47,11 @@ app = require('./server/homebrew.api.js')(app);

 var HomebrewModel = require('./server/homebrew.model.js').model;

-
+var sanitizeBrew = function(brew){
+	var cleanBrew = _.assign({}, brew);
+	delete cleanBrew.editId;
+	return cleanBrew;
+};


 //Edit Page
@@ -98,7 +102,7 @@ app.get('/share/:id', function(req, res){
 			prerenderWith : './client/homebrew/homebrew.jsx',
 			initialProps: {
 				url: req.originalUrl,
-				brew : resObj || errObj
+				brew : sanitizeBrew(resObj || errObj)
 			},
 			clearRequireCache : !process.env.PRODUCTION,
 		}, function (err, page) {