commit: 32987004c95aebfc390b7cd9e93d9a386095c0a0
parent: 31ac5f0e00b003f060788d7a335f4ec33dd77d9a
Author: William Pitcock <nenolod@dereferenced.org>
Date: Fri, 24 Nov 2017 18:36:08 -0600
status: preserve visibility attribute when reblogging (infoleak fix) (#5789)
this should fix *all* remaining visibility-related mastodon ostatus infoleaks.
thanks to @csaurus@gnusocial.de for pointing out the infoleak.
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/app/models/status.rb b/app/models/status.rb
@@ -278,6 +278,7 @@ class Status < ApplicationRecord
def set_visibility
self.visibility = (account.locked? ? :private : :public) if visibility.nil?
+ self.visibility = reblog.visibility if reblog?
self.sensitive = false if sensitive.nil?
end
