X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmastodon_api%2Fcontrollers%2Ftimeline_controller.ex;h=384159336c5a46e9572f95e4cce6cb8bce25e5f5;hb=c31ddce51ea18f052c1c3ad30a221b77c7a94e71;hp=9f086a8c2f40d31a2f22acab8ada32dc97c585a0;hpb=28fb98d69e31ce5a09e15e213491b880430a0902;p=akkoma

diff --git a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
index 9f086a8c2..384159336 100644
--- a/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
+++ b/lib/pleroma/web/mastodon_api/controllers/timeline_controller.ex
@@ -10,6 +10,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 
   alias Pleroma.Pagination
   alias Pleroma.Plugs.OAuthScopesPlug
+  alias Pleroma.User
   alias Pleroma.Web.ActivityPub.ActivityPub
 
   plug(OAuthScopesPlug, %{scopes: ["read:statuses"]} when action in [:home, :direct])
@@ -28,7 +29,7 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
       |> Map.put("muting_user", user)
       |> Map.put("user", user)
 
-    recipients = [user.ap_id | user.following]
+    recipients = [user.ap_id | User.following(user)]
 
     activities =
       recipients
@@ -70,7 +71,6 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
       |> Map.put("blocking_user", user)
       |> Map.put("muting_user", user)
       |> ActivityPub.fetch_public_activities()
-      |> Enum.reverse()
 
     conn
     |> add_link_headers(activities, %{"local" => local_only})
@@ -109,7 +109,6 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
       |> Map.put("tag_all", tag_all)
       |> Map.put("tag_reject", tag_reject)
       |> ActivityPub.fetch_public_activities()
-      |> Enum.reverse()
 
     conn
     |> add_link_headers(activities, %{"local" => local_only})
@@ -128,9 +127,12 @@ defmodule Pleroma.Web.MastodonAPI.TimelineController do
 
       # we must filter the following list for the user to avoid leaking statuses the user
       # does not actually have permission to see (for more info, peruse security issue #270).
+
+      user_following = User.following(user)
+
       activities =
         following
-        |> Enum.filter(fn x -> x in user.following end)
+        |> Enum.filter(fn x -> x in user_following end)
         |> ActivityPub.fetch_activities_bounded(following, params)
         |> Enum.reverse()