From 163bc1a706e9a94687d28c885c1ff02089498b94 Mon Sep 17 00:00:00 2001
From: Fire Demon
Date: Tue, 11 Aug 2020 12:46:50 -0500
Subject: [Privacy] Check permissions of boosts and dereference boosts before sending to public timelines
---
 app/lib/status_filter.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'app/lib')
diff --git a/app/lib/status_filter.rb b/app/lib/status_filter.rb
index b6c80b801..725031a7f 100644
--- a/app/lib/status_filter.rb
+++ b/app/lib/status_filter.rb
@@ -53,6 +53,8 @@ class StatusFilter
 end
 
 def policy_allows_show?
- StatusPolicy.new(account, status, @preloaded_relations).show?
+ return false unless StatusPolicy.new(account, status, @preloaded_relations).show?
+
+ status.reblog? ? StatusPolicy.new(account, status.reblog, @preloaded_relations).show? : true
 end
 end
-- cgit
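Review bot: The added check in `policy_allows_show?` passes the same `@preloaded_relations` to the policy for `status.reblog`, and nothing in the hunk shows that this map was built with the boosted status's author in it. If the caller preloads relations only for `status.account`, a block or mute involving the original author could be looked up in the map, not found, and treated as absent, so the boost would still pass the filter this commit is meant to tighten. The code that builds the map is outside the hunk, so this needs confirming there; the requirement should also be recorded above the call, e.g. `# @preloaded_relations must cover status.reblog.account as well as status.account`. Separately, if `status.reblog?` can be true while `status.reblog` is nil (not visible here), the method should fail closed with `return false if status.reblog? && status.reblog.nil?` before the second policy check.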