authorEugen Rochko <eugen@zeonfederated.com>2020-02-27 12:32:54 +0100
committerGitHub <noreply@github.com>2020-02-27 12:32:54 +0100
commit0c28a505dddd13e2773cd3d5e0beef76a21eb415 (patch)
treeefbe459449b07cadedf57e3f344d617ed7a98b39 /app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
parent7face973fa1c7d6c18b06d427ea0b7a741d11466 (diff)
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161)
Diffstat (limited to 'app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb')
-rw-r--r--app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb3
1 files changed, 1 insertions, 2 deletions
diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
index 99eff360e..05f4acc33 100644
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@@ -69,8 +69,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
     @status = Status.find(params[:status_id])
     authorize @status, :show?
   rescue Mastodon::NotPermittedError
-    # Reraise in order to get a 404 instead of a 403 error code
-    raise ActiveRecord::RecordNotFound
+    not_found
   end
 
   def pagination_params(core_params)
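Review bot: The rescue branch now calls `not_found` with no comment, so the reason a permission failure is answered as a 404 is no longer stated at the line that implements it. I would keep a one-line comment above it, such as `# Respond 404, not 403, so the existence of a status the caller may not see is not disclosed`. `not_found` is defined outside this hunk, so it is worth confirming that its status code and body match what a missing id produces when `Status.find` raises; otherwise the two cases stay distinguishable. The method this rescue belongs to begins above the hunk. A request spec that fetches a private status as an unrelated account and expects a 404 would pin the behaviour.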