From 08ff629af500f4c1e3c60384132fcc4299d24c6b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 2 Mar 2021 13:29:54 +0300
Subject: limit user data sent to frontend

---
 classes/pref/users.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/classes/pref/users.php b/classes/pref/users.php
index f228ab390..cac0dca7c 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -6,6 +6,7 @@ class Pref_Users extends Handler_Administrative {
 
 		function edit() {
 			$user = ORM::for_table('ttrss_users')
+				->select_expr("id,login,access_level,email,full_name,otp_enabled")
 				->find_one((int)$_REQUEST["id"])
 				->as_array();
 
-- 
cgit v1.2.3