Fix potential private status leak (mastodon#10969)
ClearlyClaire authored and multiple creatures committed Nov 19, 2019
1 parent 43007ae commit 86d8fba
Showing 1 changed file with 1 addition and 4 deletions.
5 changes: 1 addition & 4 deletions app/controllers/statuses_controller.rb
Expand Up @@ -30,9 +30,7 @@ class StatusesController < ApplicationController
def show
respond_to do |format|
format.html do
use_pack 'public'

unless user_signed_in?
if current_account.nil?
skip_session!
expires_in 10.seconds, public: true
end
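Review bot: the guard on `skip_session!` and `expires_in 10.seconds, public: true` in `show` is the security-relevant line, and nothing in the hunk says why `current_account.nil?` is the right condition rather than `user_signed_in?`. This branch marks the HTML response as publicly cacheable, so it should only be taken when no account at all is attached to the request. A one-line comment stating that, plus a controller spec asserting that a request with a non-nil `current_account` never gets a `public` Cache-Control header, would keep a later refactor from swapping the checks back.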
Expand Down Expand Up @@ -64,7 +62,6 @@ def activity
end

def embed
use_pack 'embed'
raise ActiveRecord::RecordNotFound if @status.hidden?

skip_session!
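Review bot: the `use_pack 'embed'` line dropped from `embed` (like `use_pack 'public'` in `show`) is not covered by the commit title, which only describes a private status leak fix. If the pack is now selected elsewhere, say so in the commit message; otherwise move the removal to its own commit so the security fix can be reviewed and backported on its own.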