Fixing user search leaking emails.

author Dessalines <tyhou13@gmx.com>

Thu, 3 Sep 2020 13:48:26 +0000 (08:48 -0500)

committer Dessalines <tyhou13@gmx.com>

Thu, 3 Sep 2020 13:48:26 +0000 (08:48 -0500)
author Dessalines <tyhou13@gmx.com>
Thu, 3 Sep 2020 13:48:26 +0000 (08:48 -0500)
committer Dessalines <tyhou13@gmx.com>
Thu, 3 Sep 2020 13:48:26 +0000 (08:48 -0500)
diff --git a/server/lemmy_db/src/user_view.rs b/server/lemmy_db/src/user_view.rs

index 08f4c79cfa6acfe17c2f064622c1911c60c0516c..09a17aee310c8fa782deae06920dd667d2151225 100644 (file)
--- a/server/lemmy_db/src/user_view.rs
+++ b/server/lemmy_db/src/user_view.rs
@@ -125,6 +125,7 @@ impl<'a> UserQueryBuilder<'a> {
  
    pub fn list(self) -> Result<Vec<UserView>, Error> {
      use super::user_view::user_fast::dsl::*;
+    use diesel::sql_types::{Nullable, Text};
  
      let mut query = self.query;
  
@@ -154,6 +155,28 @@ impl<'a> UserQueryBuilder<'a> {
      let (limit, offset) = limit_and_offset(self.page, self.limit);
      query = query.limit(limit).offset(offset);
  
+    // The select is necessary here to not get back emails
+    query = query.select((
+      id,
+      actor_id,
+      name,
+      preferred_username,
+      avatar,
+      banner,
+      "".into_sql::<Nullable<Text>>(),
+      matrix_user_id,
+      bio,
+      local,
+      admin,
+      banned,
+      show_avatars,
+      send_notifications_to_email,
+      published,
+      number_of_posts,
+      post_score,
+      number_of_comments,
+      comment_score,
+    ));
      query.load::<UserView>(self.conn)
    }
  }
diff --git a/ui/src/components/search.tsx b/ui/src/components/search.tsx

index a18cc2d8e757ed219c8cd690bcea5e0c0603ff84..8ab7f599b16426ad42f17838df719e32c9dadfb7 100644 (file)
--- a/ui/src/components/search.tsx
+++ b/ui/src/components/search.tsx
@@ -311,7 +311,6 @@ export class Search extends Component<any, SearchState> {
                {i.type_ == 'users' && (
                  <div>
                    <span>
-                    @
                      <UserListing
                        user={{
                          name: (i.data as UserView).name,
@@ -398,11 +397,11 @@ export class Search extends Component<any, SearchState> {
            <div class="row">
              <div class="col-12">
                <span>
-                @
                  <UserListing
                    user={{
                      name: user.name,
                      avatar: user.avatar,
+                    preferred_username: user.preferred_username,
                    }}
                  />
                </span>
author	Dessalines <tyhou13@gmx.com>
	Thu, 3 Sep 2020 13:48:26 +0000 (08:48 -0500)
committer	Dessalines <tyhou13@gmx.com>
	Thu, 3 Sep 2020 13:48:26 +0000 (08:48 -0500)
server/lemmy_db/src/user_view.rs		patch \| blob \| history
ui/src/components/search.tsx		patch \| blob \| history