author | Eugen Rochko <eugen@zeonfederated.com> | 2020-02-27 12:32:54 +0100 |
---|---|---|
committer | multiple creatures <dev@multiple-creature.party> | 2020-02-27 11:59:36 -0600 |
commit | 4caaaf1eee4f965e1073d2903a124ef98423a924 (patch) | |
tree | 6cd5348c31397622a08fe6258d6c4e228e6fc1ff /app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb | |
parent | acf8467ba73718ee8768bf2e9a6b0b4ff758775b (diff) |
**MAJOR**: port tootsuite#13161 to monsterfork: Fix leak of arbitrary statuses through unfavourite action in REST API
Diffstat (limited to 'app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb')
-rw-r--r-- | app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
index 80621881a..1686608db 100644
--- a/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
+++ b/app/controllers/api/v1/statuses/favourited_by_accounts_controller.rb
@@ -68,8 +68,7 @@ class Api::V1::Statuses::FavouritedByAccountsController < Api::BaseController
 @status = Status.find(params[:status_id])
 authorize @status, :show?
 rescue Mastodon::NotPermittedError
- # Reraise in order to get a 404 instead of a 403 error code
- raise ActiveRecord::RecordNotFound
+ not_found
 end

 def pagination_params(core_params) |
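Review bot: In the rescue branch, `@status` has already been assigned by `Status.find` before `authorize` raises, so the method now returns normally with an unauthorized record still in `@status`, unless `not_found` itself raises or the method only ever runs as a `before_action`. Neither can be confirmed here, because the method's `def` line and the `not_found` helper are both outside the hunk. The old `raise ActiveRecord::RecordNotFound` aborted unconditionally; to keep that property whatever the caller, add `@status = nil` on the line before `not_found`. The removed comment was also the only record of why this path answers 404 rather than 403, so I would keep a one-liner such as `# Answer 404 instead of 403 for statuses the caller may not see`.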