Fix potential private status leak (#10969)

2019-06-05 13:40:20 +02:00
parent d34a3a2cc7
commit 7fa23ec697
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -27,7 +27,7 @@ class StatusesController < ApplicationController
  def show
    respond_to do |format|
      format.html do
-        unless user_signed_in?
+        if current_account.nil?
          skip_session!
          expires_in 10.seconds, public: true
        end