From 163bc1a706e9a94687d28c885c1ff02089498b94 Mon Sep 17 00:00:00 2001
From: Fire Demon
Date: Tue, 11 Aug 2020 12:46:50 -0500
Subject: [Privacy] Check permissions of boosts and dereference boosts before sending to public timelines
---
 app/policies/status_policy.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/policies/status_policy.rb')
diff --git a/app/policies/status_policy.rb b/app/policies/status_policy.rb
index 317f450eb..80e06d820 100644
--- a/app/policies/status_policy.rb
+++ b/app/policies/status_policy.rb
@@ -25,7 +25,7 @@ class StatusPolicy < ApplicationPolicy
 end
 def reblog?
- !requires_mention? && (!private? || owned?) && show? && !blocking_author?
+ published && !requires_mention? && (!private? || owned?) && show? && !blocking_author?
 end
 def favourite?
-- cgit
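Review bot: The new guard in `reblog?` calls a bare `published`, while every other term in the expression is a `?` predicate, and its definition is not visible in this hunk. If it is a record attribute delegated into the policy, a `published?` form (if one exists) would read consistently with its neighbours. A short comment such as `# unpublished statuses must never be boosted` would record why the gate comes first. `favourite?` starts directly below and its body is outside the hunk, so it is worth confirming that it and the other interaction predicates apply the same gate; otherwise an unpublished status may stay reachable through a different action. A policy spec asserting that `reblog?` is denied for an unpublished status would pin the behaviour.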