From 5b00e9e191af7e75cd2dc056e08f124dc0db3a6f Mon Sep 17 00:00:00 2001
From: Bernhard Suttner
Date: Fri, 10 May 2024 17:18:15 +0200
Subject: [PATCH] Fixes #37437 - Prevent XSS issue for pages using react and angular
---
 app/helpers/layout_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/helpers/layout_helper.rb b/app/helpers/layout_helper.rb
index 1cbc4a48dd0..77848fed8f0 100644
--- a/app/helpers/layout_helper.rb
+++ b/app/helpers/layout_helper.rb
@@ -40,7 +40,7 @@ def fetch_locations
 end
 def fetch_user
- { current_user: User.current, user_dropdown: Menu::Manager.to_hash(:side_menu), impersonated_by: User.unscoped.find_by_id(session[:impersonated_by]) }
+ { current_user: User.current.as_json(only: [:id, :firstname, :lastname, :mail, :admin, :last_login_on, :name]), user_dropdown: Menu::Manager.to_hash(:side_menu), impersonated_by: User.unscoped.find_by_id(session[:impersonated_by]) }
 end
 def layout_data
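Review bot: `impersonated_by` in `fetch_user` still carries the whole `User` record while `current_user` is now reduced to an allowlist, so if the hash is serialized into the page the same way, every attribute of the impersonating account still ends up in the layout data. Provided the front end reads only the listed fields, the same restriction could be applied there: `impersonated_by: User.unscoped.find_by_id(session[:impersonated_by])&.as_json(only: LAYOUT_USER_ATTRIBUTES)`, with the attribute list held in one frozen constant (the constant name is a placeholder) so the two entries cannot drift apart. The retained `firstname`, `lastname`, `mail` and `name` are still user-editable strings, so the allowlist narrows what is exposed but the code that embeds this JSON in the React/Angular pages, which is not visible in this hunk, still has to escape it. A one-line comment above the hash such as `# Expose only the attributes the layout needs; the full record must not be serialized into the page` would keep a later change from widening the list again.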