status: preserve visibility attribute when reblogging (infoleak fix) (#5789)

this should fix *all* remaining visibility-related mastodon ostatus infoleaks.
thanks to @csaurus@gnusocial.de for pointing out the infoleak.
remotes/1727458204337373841/tmp_refs/heads/signup-info-prompt
William Pitcock 2017-11-24 18:36:08 -06:00 committed by Eugen Rochko
parent 31ac5f0e00
commit 32987004c9
1 changed files with 1 additions and 0 deletions

View File

@ -278,6 +278,7 @@ class Status < ApplicationRecord
def set_visibility def set_visibility
self.visibility = (account.locked? ? :private : :public) if visibility.nil? self.visibility = (account.locked? ? :private : :public) if visibility.nil?
self.visibility = reblog.visibility if reblog?
self.sensitive = false if sensitive.nil? self.sensitive = false if sensitive.nil?
end end