about:
title: "HomeBooru"
theme: "danbooru2"
url: "http://[redacted]/index.php?q="
versions:
shimmie: "2.12.0-alpha-20240825-8a8d78a"
schema: 21
php: "8.2.20"
db: "pgsql PostgreSQL 11.22 on x86_64-pc-linux-musl, compiled by gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014, 64-bit"
os: "Linux 33a54fc621fd 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64"
server: "Unit/1.32.1"
extensions:
core: ["admin","alias_editor","bbcode","comment","download","et","ext_manager","four_oh_four","handle_pixel","help_pages","image","index","media","mime","post_lock","post_owner","post_source","post_tags","replace_file","setup","static_files","system","tag_list","upgrade","upload","user","user_config","view"]
extra: ["auto_tagger","autocomplete","bulk_add_csv","emoticons_list","et_server","favorites","home","pools","post_titles","random_image","random_list","rating","regen_thumb","relationships","tag_categories","tag_tools","tagger_xml"]
handled_mimes: ["image/jpeg","image/gif","image/png","image/webp"]
stats:
images: 40871
comments: 0
users: 2
media:
memory_limit: "128MB"
disk_use: "140GB"
disk_total: "197GB"
thumbnails:
engine: "convert"
quality: 75
width: 190
height: 300
scaling: 100
mime: "image/jpeg"
My concern here is this can be an unwanted data leakage, showing what kinds of content are not visible to a particular user class.
Server Software
Client Software (please complete the following information)
What steps trigger this bug
What did you expect to happen?
I expected only "safe" posts to be shown, with applicable tags in the "popular tags" block to the left. I expected "popular tags" to be populated only with tags related to the visible subset.
What actually happened?
Only safe posts were shown, but the "popular tags" block reflects all images in the system, not just what is available to the anonymous user. This includes both tag names and quantities of images associated.
My concern here is this can be an unwanted data leakage, showing what kinds of content are not visible to a particular user class.