Fix moderator account leak in status edit history (#17746)

signup-info-prompt
Eugen Rochko 2022-03-12 08:23:03 +01:00 committed by GitHub
parent 75e33fd08f
commit ee8d4dd056
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions

View File

@ -68,6 +68,8 @@ class Admin::StatusBatchAction
end end
def handle_mark_as_sensitive! def handle_mark_as_sensitive!
representative_account = Account.representative
# Can't use a transaction here because UpdateStatusService queues # Can't use a transaction here because UpdateStatusService queues
# Sidekiq jobs # Sidekiq jobs
statuses.includes(:media_attachments, :preview_cards).find_each do |status| statuses.includes(:media_attachments, :preview_cards).find_each do |status|
@ -76,7 +78,7 @@ class Admin::StatusBatchAction
authorize(status, :update?) authorize(status, :update?)
if target_account.local? if target_account.local?
UpdateStatusService.new.call(status, current_account.id, sensitive: true) UpdateStatusService.new.call(status, representative_account.id, sensitive: true)
else else
status.update(sensitive: true) status.update(sensitive: true)
end end