From d6930b3847405dc9f8c1a54fb74d488a3c9a775e Mon Sep 17 00:00:00 2001
From: Claire
Date: Mon, 13 Feb 2023 16:36:29 +0100
Subject: Add API parameter to safeguard unexpect mentions in new posts (#18350)
---
 app/controllers/api/v1/statuses_controller.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'app/controllers/api')
diff --git a/app/controllers/api/v1/statuses_controller.rb b/app/controllers/api/v1/statuses_controller.rb
index 9a8c0c161..fadd1b045 100644
--- a/app/controllers/api/v1/statuses_controller.rb
+++ b/app/controllers/api/v1/statuses_controller.rb
@@ -63,11 +63,18 @@ class Api::V1::StatusesController < Api::BaseController
 scheduled_at: status_params[:scheduled_at],
 application: doorkeeper_token.application,
 poll: status_params[:poll],
+ allowed_mentions: status_params[:allowed_mentions],
 idempotency: request.headers['Idempotency-Key'],
 with_rate_limit: true
 )
 render json: @status, serializer: @status.is_a?(ScheduledStatus) ? REST::ScheduledStatusSerializer : REST::StatusSerializer
+ rescue PostStatusService::UnexpectedMentionsError => e
+ unexpected_accounts = ActiveModel::Serializer::CollectionSerializer.new(
+ e.accounts,
+ serializer: REST::AccountSerializer
+ )
+ render json: { error: e.message, unexpected_accounts: unexpected_accounts }, status: 422
 end
 def update
@@ -128,6 +135,7 @@ class Api::V1::StatusesController < Api::BaseController
 :visibility,
 :language,
 :scheduled_at,
+ allowed_mentions: [],
 media_ids: [],
 media_attributes: [
 :id,
-- cgit
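Review bot: In the first hunk, `allowed_mentions: status_params[:allowed_mentions]` hands the service `nil` whenever the client omits the parameter, so the safeguard is opt-in and the controller never separates "parameter absent" from "client sent an empty list because it expects no mentions at all". How PostStatusService treats `nil`, `[]` and a form-encoded `[""]` is outside this diff and worth confirming, because any empty form that is handled like `nil` would skip the check silently instead of rejecting the post. The permit entry `allowed_mentions: []` in the second hunk accepts any array of scalars, so the comparison against account ids presumably has to tolerate both strings and integers. A comment above the new `rescue` would document the response contract, for example `# 422: lists the accounts the post would mention that are not in allowed_mentions, so the client can ask the user to confirm`. The `create` method starts above the hunk, so the rest of its argument handling is not visible here.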