From a607cb1cb1b28b0acc7736689ab261c2c6174dc6 Mon Sep 17 00:00:00 2001
From: evazion
Date: Wed, 27 Oct 2021 02:36:24 -0500
Subject: [PATCH] posts: fix IP leak in /posts.json includes.

This leaks the full post object in the error message, which includes the uploader's IP:

* https://danbooru.donmai.us/posts/4871548.json?only=updater
---
 app/models/post.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/models/post.rb b/app/models/post.rb
index 2aceaa562..7d803790c 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -1359,7 +1359,7 @@ class Post < ApplicationRecord
 def self.available_includes
 # attributes accessible through the ?only= parameter
 %i[
- uploader updater approver upload flags appeals parent children notes
+ uploader approver upload flags appeals parent children notes
 comments approvals disapprovals replacements pixiv_ugoira_frame_data artist_commentary ]
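Review bot: Dropping `updater` from the `%i[...]` list closes this one request path, but nothing in the hunk prevents the same disclosure if another name in the list ever fails to resolve, since per the commit message the error text itself carried the whole post record. The error rendering is not visible here, so this is inferred, but the more durable fix is for the API error response not to echo a record's `inspect` output, backed by a test that every name in `available_includes` resolves on `Post`. At minimum the comment could state the constraint: `# attributes accessible through the ?only= parameter; each name must be a real association on Post`. The body of `available_includes` closes outside the hunk.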