From 60c449e1d77c6e11ced796a7e088038d80137de6 Mon Sep 17 00:00:00 2001
From: multiple creatures <dev@multiple-creature.party>
Date: Fri, 30 Aug 2019 20:29:42 -0500
Subject: make sure media attachments are not from a blocked account, CDN, or
 their subdomains

---
 app/controllers/media_proxy_controller.rb | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb
index d820b257e..c46fc2124 100644
--- a/app/controllers/media_proxy_controller.rb
+++ b/app/controllers/media_proxy_controller.rb
@@ -7,7 +7,7 @@ class MediaProxyController < ApplicationController
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?
         @media_attachment = MediaAttachment.remote.find(params[:id])
-        redownload! if @media_attachment.needs_redownload? && !reject_media?
+        redownload! if !@media_attachment.blocked? && @media_attachment.needs_redownload?
       else
         raise Mastodon::RaceConditionError
       end
@@ -35,8 +35,4 @@ class MediaProxyController < ApplicationController
   def lock_options
     { redis: Redis.current, key: "media_download:#{params[:id]}" }
   end
-
-  def reject_media?
-    DomainBlock.find_by(domain: @media_attachment.account.domain)&.reject_media?
-  end
 end
-- 
cgit