tarrien/Mastodon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

status: preserve visibility attribute when reblogging (infoleak fix) (#5789)

Browse Source 
this should fix *all* remaining visibility-related mastodon ostatus infoleaks.
thanks to @csaurus@gnusocial.de for pointing out the infoleak.
This commit is contained in:
William Pitcock
2017-11-24 18:36:08 -06:00
committed by Eugen Rochko
parent 31ac5f0e00
commit 32987004c9
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/models/status.rb
View File

@@ -278,6 +278,7 @@ class Status < ApplicationRecord
def set_visibility def set_visibility
self.visibility = (account.locked? ? :private : :public) if visibility.nil? self.visibility = (account.locked? ? :private : :public) if visibility.nil?
self.visibility = reblog.visibility if reblog?
self.sensitive = false if sensitive.nil? self.sensitive = false if sensitive.nil?
end end