status: preserve visibility attribute when reblogging (infoleak fix) (#5789)

this should fix *all* remaining visibility-related mastodon ostatus infoleaks. thanks to @csaurus@gnusocial.de for pointing out the infoleak.
author: William Pitcock <nenolod@dereferenced.org> 2017-11-24 18:36:08 -0600
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-11-25 01:36:08 +0100
commit: 32987004c95aebfc390b7cd9e93d9a386095c0a0 (patch)
tree: 06737b8c8b389187cb0528a6b25d30e2a388e7b8 /app/models/status.rb
parent: 31ac5f0e00b003f060788d7a335f4ec33dd77d9a (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/app/models/status.rb b/app/models/status.rb
index d6810941a..8579ff9e4 100644
--- a/app/models/status.rb
+++ b/app/models/status.rb
@@ -278,6 +278,7 @@ class Status < ApplicationRecord
 
   def set_visibility
     self.visibility = (account.locked? ? :private : :public) if visibility.nil?
+    self.visibility = reblog.visibility if reblog?
     self.sensitive  = false if sensitive.nil?
   end
author	William Pitcock <nenolod@dereferenced.org>	2017-11-24 18:36:08 -0600
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-11-25 01:36:08 +0100
commit	32987004c95aebfc390b7cd9e93d9a386095c0a0 (patch)
tree	06737b8c8b389187cb0528a6b25d30e2a388e7b8 /app/models/status.rb
parent	31ac5f0e00b003f060788d7a335f4ec33dd77d9a (diff)