From dcebd9f849bee0bbf5cd131f6a7794635c4e2425 Mon Sep 17 00:00:00 2001
From: Marcos Zuriaga <wolfi@wolfi.es>
Date: Sun, 2 Oct 2016 19:42:50 +0200
Subject: [PATCH] Remove owner's shared key from the answer, not needed and a
 possible data leak

---
 lib/Service/ShareService.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
index 8c720ee8..3a4b47d6 100644
--- a/lib/Service/ShareService.php
+++ b/lib/Service/ShareService.php
@@ -99,7 +99,8 @@ class ShareService {
         $return = [];
         foreach ($entries as $entry){
             $tmp = $entry->jsonSerialize();
-            $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId());
+            $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize();
+            unset($tmp['credential_data']['shared_key']);
             $return[] = $tmp;
         }
         return $return;