Removed single character subscription vulnerability

2015-04-30 07:18:42 +02:00
parent 99a64667c6
commit aa069fd885
1 changed files with 2 additions and 1 deletions
--- a/rpg-docs/server/publications/singleCharacter.js
+++ b/rpg-docs/server/publications/singleCharacter.js
@@ -1,4 +1,5 @@
-Meteor.publish("singleCharacter", function(characterId, userId){
+Meteor.publish("singleCharacter", function(characterId){
+	userId = this.userId;
 	var char = Characters.findOne({
 		_id: characterId,
 		$or: [