Unfloyded/Legamunt
0
0
Fork 0
Code Activity

Fix /api/v1/timelines/tag/:hashtag allowing for unauthenticated access when public preview is disabled (#26237)

Browse source
This commit is contained in:
Daniel M Brasil 2023-08-31 08:53:24 -03:00 committed by GitHub
parent 336ec503c2
commit ccca542db1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 53 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

5
app/controllers/api/v1/timelines/tag_controller.rb
View file

@ -1,6 +1,7 @@
# frozen_string_literal: true
class Api::V1::Timelines::TagController < Api::BaseController
before_action -> { doorkeeper_authorize! :read, :'read:statuses' }, only: :show, if: :require_auth?
before_action :load_tag
after_action :insert_pagination_headers, unless: -> { @statuses.empty? }
@ -12,6 +13,10 @@ class Api::V1::Timelines::TagController < Api::BaseController
private
def require_auth?
!Setting.timeline_preview
end
def load_tag
@tag = Tag.find_normalized(params[:id])
end