Closed ghost closed 3 years ago
The check for the block_anon_stalking setting is currently only done in app/templates/usercomments.html and app/templates/userposts.html.
It should also be checked in the user_overview function of app/views/api3.py; otherwise, if block_anon_stalking is enabled, it can be bypassed via this API endpoint.
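The fix pattern the issue asks for, as an added example that is not the project's code: the block_anon_stalking decision lives in one guard function that both the HTML view and the API handler call before fetching data, so it does not depend on a template. `Config`, `Forbidden`, `require_activity_access`, `render_userposts`, `api_user_overview` and the sample data are hypothetical names constructed for illustration.

```python
import html
from dataclasses import dataclass
from typing import Optional


@dataclass
class Config:
    block_anon_stalking: bool  # setting name taken from the issue


class Forbidden(Exception):
    """Raised when the viewer may not list another user's activity."""


def require_activity_access(cfg: Config, viewer: Optional[str]) -> None:
    # Single policy decision shared by every entry point:
    # anonymous viewers (viewer is None) are refused when the setting is on.
    if cfg.block_anon_stalking and viewer is None:
        raise Forbidden("login required to view user activity")


# Constructed sample data standing in for the database.
POSTS = {"alice": ["first post", "second <b>post</b>"]}


def render_userposts(cfg: Config, viewer: Optional[str], target: str) -> str:
    """Hypothetical HTML view: the guard runs before any data is fetched,
    so the template no longer carries the access decision."""
    require_activity_access(cfg, viewer)
    items = "".join(f"<li>{html.escape(p)}</li>" for p in POSTS.get(target, []))
    return f"<ul>{items}</ul>"


def api_user_overview(cfg: Config, viewer: Optional[str], target: str):
    """Hypothetical JSON handler: same guard, mapped to a 403 response.
    Returns a (status, body) pair."""
    try:
        require_activity_access(cfg, viewer)
    except Forbidden as exc:
        return 403, {"error": str(exc)}
    return 200, {"user": target, "posts": POSTS.get(target, [])}
```

A regression test that requests the API path anonymously with the setting enabled and expects a refusal catches this class of bypass whenever a new endpoint exposes the same data.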