Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-02-20 23:14:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fixed CRITICAL SECURITY ISSUE of SMTP password visible to Admin at

Browse source 
Admin Panel by using browser inspect to see behind asterisks.

Thanks to Georg Krause and xet7 !
This commit is contained in:
Lauri Ojansivu 2021-02-25 09:02:23 +02:00
parent 64d4c3f971
commit 71725f1b26
2 changed files with 13 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

13
server/publications/settings.js
View file

@ -31,7 +31,18 @@ Meteor.publish('mailServer', function() {
if (!Match.test(this.userId, String)) return [];
const user = Users.findOne(this.userId);
if (user && user.isAdmin) {
return Settings.find({}, { fields: { mailServer: 1 } });
return Settings.find(
{},
{
fields: {
'mailServer.host': 1,
'mailServer.port': 1,
'mailServer.username': 1,
'mailServer.enableTLS': 1,
'mailServer.from': 1,
},
},
);
}
return [];
});