From 62c9aec04cb08555042332c3ff0c6eeec656f9cb Mon Sep 17 00:00:00 2001
From: Iris Morelle <shadowm@wesnoth.org>
Date: Sat, 14 Mar 2020 00:52:32 -0300
Subject: [PATCH] campaignd: Remove unwanted attributes from server response

As opposed to merely blanking them out.

Closes #4800.
---
 src/campaign_server/campaign_server.cpp | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/src/campaign_server/campaign_server.cpp b/src/campaign_server/campaign_server.cpp
index 68c5dfa5d198..08ed8a11e6b7 100644
--- a/src/campaign_server/campaign_server.cpp
+++ b/src/campaign_server/campaign_server.cpp
@@ -641,19 +641,16 @@ void server::handle_request_campaign_list(const server::request& req)
 
 	for(config& j : campaign_list.child_range("campaign"))
 	{
-		j["passphrase"] = "";
-		j["passhash"] = "";
-		j["passsalt"] = "";
-		j["upload_ip"] = "";
-		j["email"] = "";
-		j["feedback_url"] = "";
-
-		// Build a feedback_url string attribute from the
-		// internal [feedback] data.
+		// Remove attributes containing information that's considered sensitive
+		// or irrelevant to clients
+		j.remove_attributes("passphrase", "passhash", "passsalt", "upload_ip", "email");
+
+		// Build a feedback_url string attribute from the internal [feedback]
+		// data or deliver an empty value, in case clients decide to assume its
+		// presence.
 		const config& url_params = j.child_or_empty("feedback");
-		if(!url_params.empty() && !feedback_url_format_.empty()) {
-			j["feedback_url"] = format_addon_feedback_url(feedback_url_format_, url_params);
-		}
+		j["feedback_url"] = !url_params.empty() && !feedback_url_format_.empty()
+							? format_addon_feedback_url(feedback_url_format_, url_params) : "";
 
 		// Clients don't need to see the original data, so discard it.
 		j.clear_children("feedback");