github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-03 02:48:28 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Don't leak topic title in the redirect

Browse Source
This commit is contained in:
riking
2015-02-04 11:49:05 -08:00
parent 3948a960cd
commit 4c8850108a
2 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/controllers/posts_controller.rb
View File

@ -70,6 +70,8 @@ class PostsController < ApplicationController
user = User.find(params[:user_id].to_i)
request['u'] = user.username_lower if user
end
guardian.ensure_can_see!(post)
redirect_to post.url
end