authorEugen Rochko <eugen@zeonfederated.com>2020-02-27 12:32:54 +0100
committermultiple creatures <dev@multiple-creature.party>2020-02-27 11:59:36 -0600
commit4caaaf1eee4f965e1073d2903a124ef98423a924 (patch)
tree6cd5348c31397622a08fe6258d6c4e228e6fc1ff /app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
parentacf8467ba73718ee8768bf2e9a6b0b4ff758775b (diff)
**MAJOR**: port tootsuite#13161 to monsterfork: Fix leak of arbitrary statuses through unfavourite action in REST API
Diffstat (limited to 'app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb')
-rw-r--r--app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb3
1 files changed, 1 insertions, 2 deletions
diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
index 80621881a..1686608db 100644
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@@ -68,8 +68,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
     @status = Status.find(params[:status_id])
     authorize @status, :show?
   rescue Mastodon::NotPermittedError
-    # Reraise in order to get a 404 instead of a 403 error code
-    raise ActiveRecord::RecordNotFound
+    not_found
   end
 
   def pagination_params(core_params)
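Review bot: The rescue branch now relies on `not_found` to stop the request, but `@status` was already assigned on the first line of the hunk, before `authorize` ran, so on the denied path the instance variable still holds a status the caller is not permitted to see. `not_found` is defined outside this hunk; if it renders rather than raises, the protection holds only while this method runs as a before_action, so I would clear the variable with `@status = nil` ahead of `not_found`. The commit also drops the only comment explaining the status code choice; keeping something like `# Answer 404 instead of 403 when the status is not visible to the caller` preserves that intent. The enclosing method starts above the hunk.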