nekobus
/
mastodon_neko
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

Fix leaking private statuses the admin account follows (#11300) 

Now that the request is signed, it can return private toots. Do not leak them.
master
ThibG 5 years ago
committed by Eugen Rochko
parent
2ea4dbb035
commit
3595ce6325
1 changed files with 3 additions and 1 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -1
      app/services/resolve_url_service.rb

+ 3
- 1
app/services/resolve_url_service.rb View File

@ -21,7 +21,9 @@ class ResolveURLService < BaseService
if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES) if equals_or_includes_any?(type, ActivityPub::FetchRemoteAccountService::SUPPORTED_TYPES)
FetchRemoteAccountService.new.call(resource_url, body, protocol) FetchRemoteAccountService.new.call(resource_url, body, protocol)
elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES) elsif equals_or_includes_any?(type, ActivityPub::Activity::Create::SUPPORTED_TYPES + ActivityPub::Activity::Create::CONVERTED_TYPES)
FetchRemoteStatusService.new.call(resource_url, body, protocol)
status = FetchRemoteStatusService.new.call(resource_url, body, protocol)
authorize_with @on_behalf_of, status, :show? unless status.nil?
status
end end
end end

Write Preview
Loading…
Cancel
Save