start fixing the password in scope potential corner case security issue
parent
f144e84310
commit
f1dcb4c373
4
app.js
4
app.js
|
@ -196,7 +196,9 @@ app.use(helmet.contentSecurityPolicy({
|
|||
|
||||
app.use(function (req, res, next) {
|
||||
// Make user object available in templates.
|
||||
res.locals.user = req.user;
|
||||
fullUser = req.user;
|
||||
delete fullUser.password;
|
||||
res.locals.user = fullUser;
|
||||
next();
|
||||
});
|
||||
|
||||
|
|
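Review bot: `delete fullUser.password` throws a TypeError on every request where `req.user` is unset, because `fullUser` is then `undefined`; the controller changed in this same commit used `req.user || null`, so anonymous requests appear to be expected. `fullUser` is also assigned without a declaration, which makes it an implicit global, and it aliases `req.user` rather than copying it, so the delete mutates the object that later handlers read. If `req.user` is a Mongoose document (not visible here), the delete may not remove the field the templates see at all. I would copy first and strip the hash from the copy: `var safeUser = req.user && (req.user.toObject ? req.user.toObject() : Object.assign({}, req.user));` `if (safeUser) delete safeUser.password;` `res.locals.user = safeUser;`. Longer term, building `res.locals.user` from an explicit allow-list of the fields the templates need is safer than deleting known secrets one by one.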
|
@ -159,7 +159,6 @@ exports.returnIndividualStory = function(req, res, next) {
|
|||
upVotes: story.upVotes,
|
||||
comments: story.comments,
|
||||
id: story._id,
|
||||
user: req.user || null,
|
||||
timeAgo: moment(story.timePosted).fromNow(),
|
||||
image: story.image,
|
||||
page: 'show',
|
||||
|
|
|
@ -8,7 +8,7 @@ block content
|
|||
if (user && user.profile.username === username)
|
||||
.col-xs-12
|
||||
.text-center
|
||||
a.btn.btn-big.btn-primary(href="/account") Update my public portfolio
|
||||
a.btn.btn-big.btn-primary(href="/account") Update my public portfolio or manage my account
|
||||
br
|
||||
.row
|
||||
.col-xs-12
|
||||
|
|