Mastodon API: Fix lists leaking private posts
author rinpatch <rinpatch@sdf.org>
Fri, 31 May 2019 12:25:17 +0000 (15:25 +0300)
committer rinpatch <rinpatch@sdf.org>
Fri, 31 May 2019 12:25:17 +0000 (15:25 +0300)
commit d9c0650ff9afd66c15d960b727dc2e6ed37477a3
tree 06a39da5c79cf25a32df34db84b8f11b0692faeb
parent a9eaa558853460b811d134b49fb00b017b772e94
Mastodon API: Fix lists leaking private posts

Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also led to leaking private posts when
`fix_explicit_addressing` mistakenly started putting follower collections
to `cc` (also fixed in this MR).

Reported by @kurisu@iscute.moe via a DM
CHANGELOG.md
lib/pleroma/web/activity_pub/activity_pub.ex
test/web/activity_pub/activity_pub_test.exs
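
The flaw the commit message describes, modelled as an added example (not Pleroma's code and not the fix from this commit). The function names, the `example.test` actors and the visibility-based alternative are assumptions made for illustration; the sample posts are constructed.

```python
# Added illustration: every name here is hypothetical, not Pleroma's code.
PUBLIC = "https://www.w3.org/ns/activitystreams#Public"

def followers(actor):
    return actor + "/followers"

def old_filter(post, members, following):
    """Resolver as the commit message describes it: slot-based matching."""
    followed = {followers(m) for m in members if m in following}
    anyone = {followers(m) for m in members}
    return bool(followed & set(post["to"]) or anyone & set(post["cc"]))

def visibility(post):
    """Classify a post by its addressing (assumed classification)."""
    if PUBLIC in post["to"]:
        return "public"
    if PUBLIC in post["cc"]:
        return "unlisted"
    if followers(post["actor"]) in post["to"] + post["cc"]:
        return "private"
    return "direct"

def visibility_filter(post, members, following):
    """Assumed alternative: decide by visibility class and follow state."""
    if post["actor"] not in members:
        return False
    vis = visibility(post)
    if vis in ("public", "unlisted"):
        return True
    return vis == "private" and post["actor"] in following

# Constructed sample data: alice is on the list but not followed, bob is both.
ALICE, BOB = "https://example.test/users/alice", "https://example.test/users/bob"
MEMBERS, FOLLOWING = {ALICE, BOB}, {BOB}
POSTS = {
    "alice public": {"actor": ALICE, "to": [PUBLIC], "cc": [followers(ALICE)]},
    "alice unlisted": {"actor": ALICE, "to": [followers(ALICE)], "cc": [PUBLIC]},
    # Private post whose follower collection ended up in cc, as in the bug.
    "alice private (cc)": {"actor": ALICE, "to": [], "cc": [followers(ALICE)]},
    "bob private": {"actor": BOB, "to": [followers(BOB)], "cc": []},
}

def compare():
    """Return {label: (old decision, visibility-based decision)}."""
    return {k: (old_filter(p, MEMBERS, FOLLOWING),
                visibility_filter(p, MEMBERS, FOLLOWING)) for k, p in POSTS.items()}

if __name__ == "__main__":
    for label, result in compare().items():
        print(f"{label:20} old={result[0]!s:5} new={result[1]}")
```

A regression test for this class of bug needs a private post with the follower collection in `cc` from a list member the viewer does not follow, since that is the one case where the two filters disagree in the unsafe direction.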