ENXF NET
Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
- Joined
- Nov 13, 2018
- Messages
- 23,699
- Points
- 823
A custom user field can be defined as
The general perception here is that such a field is "private", eg. can only be seen / modified by Moderators or Administrators.
Yet such fields are returned in API calls like
This could be a security issue, at least it is unexpected.
Suggested Fix
Do not return...
Read more
Continue reading...
- Not being editable by the user
- Not being shown on pofile pages
- Not being shown in message user info
- Not required
The general perception here is that such a field is "private", eg. can only be seen / modified by Moderators or Administrators.
Yet such fields are returned in API calls like
me if the API key has scope user:read.This could be a security issue, at least it is unexpected.
Suggested Fix
Do not return...
Read more
Continue reading...