From 0d61417814db55d840f6b04aeee4c604bbeb991a Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sun, 5 Feb 2017 19:59:16 -0500
Subject: [PATCH] Addresses security flaw allowing unauthenticated access to server overview.
---
 app/Models/Server.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/Models/Server.php b/app/Models/Server.php
index ff63af0e5..b6ffa2e4e 100644
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -113,7 +113,9 @@ class Server extends Model
 */
 public static function byUuid($uuid)
 {
- $query = self::with('service', 'node')->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
+ $query = self::with('service', 'node')->where(function ($q) use ($uuid) {
+ $q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
+ });
 if (! Auth::user()->isRootAdmin()) {
 $query->whereIn('id', Auth::user()->serverAccessArray());
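Review bot: The closure added around the two uuid conditions is the whole access-control fix, but nothing in the new lines says why the grouping matters, so a later cleanup could flatten it back into a chained `where(...)->orWhere(...)`. Without the grouping, the `whereIn('id', ...)` restriction added further down binds only to the `uuid` branch of the OR, and a match on `uuidShort` skips the access list. I would add a comment above the closure such as `// Keep both uuid matches in one group so the access filter below ANDs with the pair, not just the last OR branch.`, along with a regression test that requests another user's server by short uuid as a non-admin. Separately, the context line `Auth::user()->isRootAdmin()` assumes a logged-in user; whether every caller of byUuid sits behind auth middleware is not visible here and is worth confirming. The body of byUuid continues past the end of this hunk.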