From 5d8bd516e904191621321f313b5e777eef1594ba Mon Sep 17 00:00:00 2001
From: 8chan <admin@8chan.co>
Date: Thu, 24 Sep 2015 13:20:55 -0700
Subject: [PATCH] [SECURITY] JSON replies were leaking data for OPs of threads

---
 inc/api.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/inc/api.php b/inc/api.php
index 9972deb6..36edf86d 100644
--- a/inc/api.php
+++ b/inc/api.php
@@ -103,7 +103,14 @@ class Api {
 		$fields = $threadsPage ? $this->threadsPageFields : $this->postFields;
 		$this->translateFields($fields, $post, $apiPost);
 
-		if ($this->config['poster_ids']) $apiPost['id'] = poster_id($post->ip, $post->thread, $board['uri']);
+		if ($this->config['poster_ids']) {
+			if ($post->thread) {
+				$apiPost['id'] = poster_id($post->ip, $post->thread, $board['uri']);
+			} else {
+				$apiPost['id'] = poster_id($post->ip, $post->id, $board['uri']);
+			}
+		}
+
 		if ($threadsPage) return $apiPost;
 
 		// Handle country field