closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
Browse Source

Fix leak of existence of otherwise inaccessible statuses in REST API (#17684)

closed-social-glitch-2
Eugen Rochko 2 years ago
committed by GitHub
parent
02b8d63fce
commit
e24b14cc74
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -2
      app/controllers/api/v1/statuses_controller.rb

+ 3
- 2
app/controllers/api/v1/statuses_controller.rb View File

@ -92,8 +92,9 @@ class Api::V1::StatusesController < Api::BaseController
end
def set_thread
@thread = status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id])
rescue ActiveRecord::RecordNotFound
@thread = Status.find(status_params[:in_reply_to_id]) if status_params[:in_reply_to_id].present?
authorize(@thread, :show?) if @thread.present?
rescue ActiveRecord::RecordNotFound, Mastodon::NotPermittedError
render json: { error: I18n.t('statuses.errors.in_reply_not_found') }, status: 404
end

Write Preview
Loading…
Cancel
Save