diff options
author | Fire Demon <firedemon@creature.cafe> | 2020-08-11 12:46:50 -0500 |
---|---|---|
committer | Fire Demon <firedemon@creature.cafe> | 2020-08-30 05:45:17 -0500 |
commit | 163bc1a706e9a94687d28c885c1ff02089498b94 (patch) | |
tree | 5ea1d2afcc87b216763d33f3590f15150498837b /app/lib | |
parent | 351b3819b29b316136553e1f88032a9df9a7a731 (diff) |
[Privacy] Check permissions of boosts and dereference boosts before sending to public timelines
Diffstat (limited to 'app/lib')
-rw-r--r-- | app/lib/status_filter.rb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/app/lib/status_filter.rb b/app/lib/status_filter.rb index b6c80b801..725031a7f 100644 --- a/app/lib/status_filter.rb +++ b/app/lib/status_filter.rb @@ -53,6 +53,8 @@ class StatusFilter end def policy_allows_show? - StatusPolicy.new(account, status, @preloaded_relations).show? + return false unless StatusPolicy.new(account, status, @preloaded_relations).show? + + status.reblog? ? StatusPolicy.new(account, status.reblog, @preloaded_relations).show? : true end end |