From a1df1abf0bdbf4ab447a32255861e631891a594f Mon Sep 17 00:00:00 2001
From: evazion
Date: Fri, 14 Dec 2018 18:08:43 -0600
Subject: [PATCH] Fix #4020: Flagger name information leak.
---
 app/models/post_event.rb | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/app/models/post_event.rb b/app/models/post_event.rb
index 26a8cd1af..5b46fde6b 100644
--- a/app/models/post_event.rb
+++ b/app/models/post_event.rb
@@ -61,4 +61,11 @@ class PostEvent
 "type": nil,
 }
 end
+
+ # XXX can't use hidden_attributes because we don't inherit from ApplicationRecord.
+ def serializable_hash(**options)
+ hash = super
+ hash = hash.except(:creator_id) unless is_creator_visible?
+ hash
+ end
 end
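Review bot: The redaction in `serializable_hash` fails open if the key type does not match, because `hash.except(:creator_id)` removes only a symbol key and silently does nothing if `super` returns the attribute under the string `"creator_id"`. The visible context (`"type": nil`) suggests the class's `attributes` hash uses symbol keys, but that method and the rest of `PostEvent` lie outside the hunk, so this should be confirmed or made robust with `hash = hash.except(:creator_id, "creator_id") unless is_creator_visible?`. The diffstat shows only the model file changed, so there is no regression test; one that serializes a flag event to JSON and XML as a user for whom `is_creator_visible?` is false, and asserts the creator is absent, would pin the fix. It is also worth checking that no other serialized field or caller-supplied `methods:` option exposes the same identity, since this is a denylist of a single key.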