API endpoint api/v3/user/<username>/overview can be used to bypass the block_anon_stalking setting
Deleted user commented
The check for the block_anon_stalking setting is currently only done in app/templates/usercomments.html and app/templates/userposts.html. It should also be checked in the user_overview function of app/views/api3.py; otherwise, if block_anon_stalking is enabled, it can be bypassed via this API endpoint.
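
Added example, not part of the original issue or the project's code: a sketch of enforcing the setting in one server-side policy function shared by the HTML and API handlers, plus an audit helper that lists handlers still answering anonymous requests. The handler names, the SETTINGS dict, the response shape and the reading of the setting as "hide user activity from viewers who are not logged in" are assumptions.

```python
# Added illustration; handler names, the SETTINGS dict and the response
# shape are hypothetical, not taken from the project's code.
from functools import wraps

SETTINGS = {"block_anon_stalking": True}

# Constructed sample data standing in for a user's posts and comments.
ACTIVITY = {"alice": {"posts": ["p1", "p2"], "comments": ["c1"]}}


def activity_visible_to(viewer):
    """Single policy decision: may this viewer list another user's activity?

    `viewer` is None for an anonymous request (assumed meaning of the setting).
    """
    return viewer is not None or not SETTINGS["block_anon_stalking"]


def guards_user_activity(handler):
    """Enforce the policy before the handler runs, whatever the output format."""
    @wraps(handler)
    def wrapper(viewer, username):
        if not activity_visible_to(viewer):
            return 403, {"error": "login required"}
        return handler(viewer, username)
    return wrapper


@guards_user_activity
def html_user_posts(viewer, username):
    # Stand-in for a template-rendered page.
    return 200, {"posts": ACTIVITY[username]["posts"]}


@guards_user_activity
def api_user_overview(viewer, username):
    # Stand-in for the JSON endpoint named in the issue.
    return 200, ACTIVITY[username]


def audit(handlers, username="alice"):
    """Return names of handlers that still answer anonymous requests."""
    return [h.__name__ for h in handlers if h(None, username)[0] == 200]
```

Running `audit` over every handler that returns user activity, with the setting enabled, works as a regression test: any name it returns is a route where the check was left to a template or omitted.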