From e2a5be6e9a070792fa72711c812f75bc61990052 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Sat, 26 Jan 2019 23:59:39 +0100
Subject: Prevent posting toots with media attachments from someone else
 (#9921)

---
 app/services/post_status_service.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/services/post_status_service.rb')

diff --git a/app/services/post_status_service.rb b/app/services/post_status_service.rb
index 1f5a3f4cf..9959bb1fb 100644
--- a/app/services/post_status_service.rb
+++ b/app/services/post_status_service.rb
@@ -93,7 +93,7 @@ class PostStatusService < BaseService
 
     raise Mastodon::ValidationError, I18n.t('media_attachments.validations.too_many') if @options[:media_ids].size > 4
 
-    @media = MediaAttachment.where(status_id: nil).where(id: @options[:media_ids].take(4).map(&:to_i))
+    @media = @account.media_attachments.where(status_id: nil).where(id: @options[:media_ids].take(4).map(&:to_i))
 
     raise Mastodon::ValidationError, I18n.t('media_attachments.validations.images_and_video') if @media.size > 1 && @media.find(&:video?)
   end
-- 
cgit