limit user data sent to frontend

author: Andrew Dolgov <[email protected]> 2021-03-02 13:29:54 +0300
committer: Andrew Dolgov <[email protected]> 2021-03-02 13:29:54 +0300
commit: 08ff629af500f4c1e3c60384132fcc4299d24c6b (patch)
tree: b494338bccc04200a2a902d5b14792c30684f792
parent: d4ad483add718964fce1571402b5f4fa7a13374a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/classes/pref/users.php b/classes/pref/users.php
index f228ab390..cac0dca7c 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -6,6 +6,7 @@ class Pref_Users extends Handler_Administrative {
 
 		function edit() {
 			$user = ORM::for_table('ttrss_users')
+				->select_expr("id,login,access_level,email,full_name,otp_enabled")
 				->find_one((int)$_REQUEST["id"])
 				->as_array();
author	Andrew Dolgov <[email protected]>	2021-03-02 13:29:54 +0300
committer	Andrew Dolgov <[email protected]>	2021-03-02 13:29:54 +0300
commit	08ff629af500f4c1e3c60384132fcc4299d24c6b (patch)
tree	b494338bccc04200a2a902d5b14792c30684f792
parent	d4ad483add718964fce1571402b5f4fa7a13374a (diff)