Infrastructure/ghost
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2025-02-10 23:36:14 -05:00
Code Issues Activity

🐛 protect setup (#8030)

Browse source 
refs #7452

- we have to query the owner user by "inactive" status
- otherwise it is possible to override the owner's email address
This commit is contained in:
Katharina Irrgang 2017-02-27 20:07:00 +01:00 committed by Hannah Wolfe
parent 63723aa36a
commit dfde5d14f1
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
core/server/auth/auth-strategies.js
View file

@ -115,7 +115,7 @@ strategies = {
}; };
handleSetup = function handleSetup() { handleSetup = function handleSetup() {
return models.User.findOne({slug: 'ghost-owner', status: 'all'}, options) return models.User.findOne({slug: 'ghost-owner', status: 'inactive'}, options)
.then(function fetchedOwner(owner) { .then(function fetchedOwner(owner) {
if (!owner) { if (!owner) {
throw new errors.NotFoundError({message: i18n.t('errors.models.user.userNotFound')}); throw new errors.NotFoundError({message: i18n.t('errors.models.user.userNotFound')});