diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2020-02-27 12:32:54 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-27 12:32:54 +0100 |
commit | 0c28a505dddd13e2773cd3d5e0beef76a21eb415 (patch) | |
tree | efbe459449b07cadedf57e3f344d617ed7a98b39 /app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb | |
parent | 7face973fa1c7d6c18b06d427ea0b7a741d11466 (diff) |
Fix leak of arbitrary statuses through unfavourite action in REST API (#13161)
Diffstat (limited to 'app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb')
-rw-r--r-- | app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb index cc285ad23..fa60e7d84 100644 --- a/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb +++ b/app/controllers/api/v1/statuses/reblogged_by_accounts_controller.rb @@ -66,8 +66,7 @@ class Api::V1::Statuses::RebloggedByAccountsController < Api::BaseController @status = Status.find(params[:status_id]) authorize @status, :show? rescue Mastodon::NotPermittedError - # Reraise in order to get a 404 instead of a 403 error code - raise ActiveRecord::RecordNotFound + not_found end def pagination_params(core_params) |