diff options
author | unarist <m.unarist@gmail.com> | 2017-09-03 00:42:47 +0900 |
---|---|---|
committer | Eugen Rochko <eugen@zeonfederated.com> | 2017-09-02 17:42:47 +0200 |
commit | 6a4e2db661f47a318bbf93a07ba9f16f7bac3ee0 (patch) | |
tree | f806d4d6f236059d624f691254b7bdffb5541497 /app | |
parent | bfa7f9ebf22581a387606716fe3f86e85e1c9db5 (diff) |
Raise an error for remote url in StatusFinder (#4776)
* Raise an error for remote url in StatusFinder Previous implementation had allowed remote url with status id which also exists on local. Then that bug leads /api/web/embed to return wrong embed url. * Fix oembed_controller_spec
Diffstat (limited to 'app')
-rw-r--r-- | app/lib/status_finder.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/lib/status_finder.rb b/app/lib/status_finder.rb index bd910f12b..4d1aed297 100644 --- a/app/lib/status_finder.rb +++ b/app/lib/status_finder.rb @@ -10,6 +10,8 @@ class StatusFinder def status verify_action! + raise ActiveRecord::RecordNotFound unless TagManager.instance.local_url?(url) + case recognized_params[:controller] when 'stream_entries' StreamEntry.find(recognized_params[:id]).status |