Merge branch 'master' into master

author: André Lewin <andre.charles.lewin@gmail.com> 2017-04-05 20:28:58 +0200
committer: GitHub <noreply@github.com> 2017-04-05 20:28:58 +0200
commit: bf7cefa516075b480fd5da5ea4b1385d7d17bdd5 (patch)
tree: 45bc6b379f5d06553d0a3e5bf4c0e2b452b7552f /app/controllers/api/v1/statuses_controller.rb
parent: 8736ef50ad13d5506bd6a673d4fcb96c33b609a3 (diff)
parent: d13d169922c7efeb6e6c20ef6a271eeda552275f (diff)
1 files changed, 9 insertions, 5 deletions
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 024258c0e..4ece7e702 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -62,11 +62,11 @@ class Api::V1::StatusesController < ApiController
   end
 
   def create
-    @status = PostStatusService.new.call(current_user.account, params[:status], params[:in_reply_to_id].blank? ? nil : Status.find(params[:in_reply_to_id]), media_ids: params[:media_ids],
-                                                                                                                                                             sensitive: params[:sensitive],
-                                                                                                                                                             spoiler_text: params[:spoiler_text],
-                                                                                                                                                             visibility: params[:visibility],
-                                                                                                                                                             application: doorkeeper_token.application)
+    @status = PostStatusService.new.call(current_user.account, status_params[:status], status_params[:in_reply_to_id].blank? ? nil : Status.find(status_params[:in_reply_to_id]), media_ids: status_params[:media_ids],
+                                                                                                                                                                                  sensitive: status_params[:sensitive],
+                                                                                                                                                                                  spoiler_text: status_params[:spoiler_text],
+                                                                                                                                                                                  visibility: status_params[:visibility],
+                                                                                                                                                                                  application: doorkeeper_token.application)
     render action: :show
   end
 
@@ -111,4 +111,8 @@ class Api::V1::StatusesController < ApiController
     @status = Status.find(params[:id])
     raise ActiveRecord::RecordNotFound unless @status.permitted?(current_account)
   end
+
+  def status_params
+    params.permit(:status, :in_reply_to_id, :sensitive, :spoiler_text, :visibility, media_ids: [])
+  end
 end
author	André Lewin <andre.charles.lewin@gmail.com>	2017-04-05 20:28:58 +0200
committer	GitHub <noreply@github.com>	2017-04-05 20:28:58 +0200
commit	bf7cefa516075b480fd5da5ea4b1385d7d17bdd5 (patch)
tree	45bc6b379f5d06553d0a3e5bf4c0e2b452b7552f /app/controllers/api/v1/statuses_controller.rb
parent	8736ef50ad13d5506bd6a673d4fcb96c33b609a3 (diff)
parent	d13d169922c7efeb6e6c20ef6a271eeda552275f (diff)