From 00d8ce26637816d4bead61a3cd8f1acc3e6f9bf6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Tue, 23 Jun 2020 15:47:10 -0400
Subject: [PATCH 1/2] fix: only allow valid uids
---
 src/socket.io/user/profile.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
index 0886b1e24c..4519d46bad 100644
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@@ -162,7 +162,7 @@ module.exports = function (SocketUser) {
 throw new Error('[[error:invalid-uid]]');
 }
- if (!data || !data.uid) {
+ if (!data || !(parseInt(data.uid, 10) > 0)) {
 throw new Error('[[error:invalid-data]]');
 }
From 8482a54a68396333e0b14a792a8c96720a97b59c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Wed, 24 Jun 2020 10:22:50 -0400
Subject: [PATCH 2/2] fix: don't init autocomplete if user doesn't have privs
---
 public/src/client/search.js | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/public/src/client/search.js b/public/src/client/search.js
index f2d658edf7..af6e0ff163 100644
--- a/public/src/client/search.js
+++ b/public/src/client/search.js
@@ -188,15 +188,18 @@ define('forum/search', ['search', 'autocomplete', 'storage'], function (searchMo
 confirmKeys: [13, 44],
 trimValue: true,
 });
- autocomplete.user(userEl.siblings('.bootstrap-tagsinput').find('input'));
+ if (app.user.privileges['search:users']) {
+ autocomplete.user(userEl.siblings('.bootstrap-tagsinput').find('input'));
+ }
 var tagEl = $('#has-tags');
 tagEl.tagsinput({
 confirmKeys: [13, 44],
 trimValue: true,
 });
-
- autocomplete.tag(tagEl.siblings('.bootstrap-tagsinput').find('input'));
+ if (app.user.privileges['search:tags']) {
+ autocomplete.tag(tagEl.siblings('.bootstrap-tagsinput').find('input'));
+ }
 }
 return Search;
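Review bot: In src/socket.io/user/profile.js the new guard `!(parseInt(data.uid, 10) > 0)` checks a parsed copy and leaves `data.uid` itself untouched, so anything parseInt reads leniently still passes in its raw form: a string with trailing characters such as `'12abc'`, or a one-element array. The handler continues outside the hunk, so how `data.uid` is consumed afterwards is not visible here. If it reaches a database key or a privilege lookup, that code should receive the normalised integer rather than the caller-supplied value. I would parse once after the `!data` check with `const uid = parseInt(data.uid, 10);`, reject with `if (!(uid > 0) || String(uid) !== String(data.uid)) { throw new Error('[[error:invalid-data]]'); }`, and pass `uid` on from there.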
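Review bot: In public/src/client/search.js the `app.user.privileges['search:users']` and `app.user.privileges['search:tags']` checks run only in the browser, so they hide the autocomplete widget without restricting who can query the lookups behind it. The server-side handlers behind `autocomplete.user` and `autocomplete.tag` need to enforce the same privileges themselves, which this patch does not show; a comment such as `// UI hint only; search:users is enforced server-side` above each `if` would record that assumption. Separately, if `app.user.privileges` can be undefined (for example for a guest session; not confirmable from this hunk), the first lookup throws and the `#has-tags` input below is never initialised. Guarding with `var privs = app.user.privileges || {};` and testing `privs['search:users']` avoids that. The enclosing init function starts outside the hunk.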