From cf08d2c751a837fb62db67e5aae28baf1f316317 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Tue, 15 Oct 2013 09:50:30 +1100
Subject: [PATCH] security: when login is required don't return the site node
 in the preload store

---
 app/models/site.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/models/site.rb b/app/models/site.rb
index d4aa6d65f2c..8cd238282b5 100644
--- a/app/models/site.rb
+++ b/app/models/site.rb
@@ -55,6 +55,11 @@ class Site
   end
 
   def self.cached_json(guardian)
+
+    if guardian.anonymous? && SiteSetting.login_required
+      return {}.to_json
+    end
+
     # Sam: bumping this way down, SiteSerializer will serialize post actions as well,
     #   On my local this was not being flushed as post actions types changed, it turn this
     #   broke local.
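Review bot: The guard added at the top of `Site.cached_json` protects only callers that go through this method, and the diffstat shows no spec accompanying the change. Any other path that serializes the site node directly (none is visible in this hunk) would presumably still return it to anonymous users when `login_required` is set, so those callers are worth auditing. A regression spec should assert that an anonymous guardian receives `{}` under `login_required`, and that a logged-in guardian still gets the full payload. The guard would also read better as a commented guard clause without the leading blank line: `# login_required: never expose site data to anonymous users` followed by `return {}.to_json if guardian.anonymous? && SiteSetting.login_required`. The body of `cached_json` continues past the end of the hunk, so the interaction with the cache below cannot be checked from here.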