Fix #6022 - Prevent nested migrated accounts, or migrations to self (#6026)

2 files changed, 7 insertions, 4 deletions

diff --git a/app/controllers/settings/migrations_controller.rb b/app/controllers/settings/migrations_controller.rb
index b18403a7f..bc6436b87 100644
--- a/app/controllers/settings/migrations_controller.rb
+++ b/app/controllers/settings/migrations_controller.rb
@@ -28,6 +28,7 @@ class Settings::MigrationsController < ApplicationController
   end
 
   def migration_account_changed?
-    current_account.moved_to_account_id != @migration.account&.id
+    current_account.moved_to_account_id != @migration.account&.id &&
+      current_account.id != @migration.account&.id
   end
 end
diff --git a/app/serializers/rest/account_serializer.rb b/app/serializers/rest/account_serializer.rb
index bab944c5a..19b746520 100644
--- a/app/serializers/rest/account_serializer.rb
+++ b/app/serializers/rest/account_serializer.rb
@@ -7,9 +7,7 @@ class REST::AccountSerializer < ActiveModel::Serializer
              :note, :url, :avatar, :avatar_static, :header, :header_static,
              :followers_count, :following_count, :statuses_count
 
-  has_one :moved_to_account, key: :moved, serializer: REST::AccountSerializer, if: :moved?
-
-  delegate :moved?, to: :object
+  has_one :moved_to_account, key: :moved, serializer: REST::AccountSerializer, if: :moved_and_not_nested?
 
   def id
     object.id.to_s
@@ -38,4 +36,8 @@ class REST::AccountSerializer < ActiveModel::Serializer
   def header_static
     full_asset_url(object.header_static_url)
   end
+
+  def moved_and_not_nested?
+    object.moved? && object.moved_to_account.moved_to_account_id.nil?
+  end
 end