Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Fix OEmbed leaking information about existence of non-public statuses (#12930)

Browse source
This commit is contained in:
Eugen Rochko 2020-01-24 00:20:51 +01:00 committed by GitHub
parent daf71573d0
commit c4c315ea40
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
app/controllers/statuses_controller.rb
View file

@ -46,7 +46,7 @@ class StatusesController < ApplicationController
end
def embed
raise ActiveRecord::RecordNotFound if @status.hidden?
return not_found if @status.hidden?
expires_in 180, public: true
response.headers['X-Frame-Options'] = 'ALLOWALL'
@ -68,7 +68,7 @@ class StatusesController < ApplicationController
@status = @account.statuses.find(params[:id])
authorize @status, :show?
rescue Mastodon::NotPermittedError
raise ActiveRecord::RecordNotFound
not_found
end
def set_instance_presenter