Update Compose apis, prevent private accounts from posting public or unlisted scopes

Daniel Supernault 2021-02-24 20:06:58 -07:00
parent 43201a70e6
commit f53bfa6fa6
No known key found for this signature in database
GPG Key ID: 0DEF1C662C9033F7
2 changed files with 13 additions and 7 deletions


@ -1753,6 +1753,12 @@ class ApiV1Controller extends Controller
$in_reply_to_id = $request->input('in_reply_to_id');
$user = $request->user();
$visibility = $profile->is_private ? 'private' : (
$profile->unlisted == true &&
$request->input('visibility', 'public') == 'public' ?
'unlisted' :
$request->input('visibility', 'public'));
if($user->last_active_at == null) {
return [];
}
@ -1762,8 +1768,8 @@ class ApiV1Controller extends Controller
$status = new Status;
$status->caption = strip_tags($request->input('status'));
$status->scope = $request->input('visibility', 'public');
$status->visibility = $request->input('visibility', 'public');
$status->scope = $visibility;
$status->visibility = $visibility;
$status->profile_id = $user->profile_id;
$status->is_nsfw = $user->profile->cw == true ? true : $request->input('sensitive', false);
$status->in_reply_to_id = $parent->id;
@ -1805,8 +1811,8 @@ class ApiV1Controller extends Controller
abort(400, 'Invalid media ids');
}
$status->scope = $request->input('visibility', 'public');
$status->visibility = $request->input('visibility', 'public');
$status->scope = $visibility;
$status->visibility = $visibility;
$status->type = StatusController::mimeTypeCheck($mimes);
$status->save();
}
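Review bot: `$profile` is read in the new `$visibility` expression but is not assigned anywhere in the visible lines, which otherwise reach the profile through `$user->profile` (see `$user->profile->cw`). If it is not set earlier in the method, which starts outside this hunk, the private/unlisted check either errors or, on runtimes where a property read on null only warns, falls through to the requested scope. Deriving it from the authenticated user removes the doubt: `$profile = $user->profile;` directly after `$user = $request->user();`. Reading `$request->input('visibility', 'public')` once into a local would also let the nested ternary become two plain assignments, as in ComposeController.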


@ -96,9 +96,8 @@ class ComposeController extends Controller
$photo = $request->file('file');
$mimes = explode(',', config('pixelfed.media_types'));
if(in_array($photo->getMimeType(), $mimes) == false) {
return;
}
abort_if(in_array($photo->getMimeType(), $mimes) == false, 400, 'Invalid media format');
$storagePath = MediaPathService::get($user, 2);
$path = $photo->store($storagePath);
@ -399,6 +398,7 @@ class ComposeController extends Controller
}
$visibility = $profile->unlisted == true && $visibility == 'public' ? 'unlisted' : $visibility;
$visibility = $profile->is_private ? 'private' : $visibility;
$cw = $profile->cw == true ? true : $cw;
$status->is_nsfw = $cw;
$status->visibility = $visibility;
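Review bot: The private-account clamp `$visibility = $profile->is_private ? 'private' : $visibility;` replaces whatever scope was requested, so a request for a scope narrower than followers-only would be widened to `private` if the validation rules (outside this hunk) accept one. Constraining only the broader values avoids that: `if ($profile->is_private && in_array($visibility, ['public', 'unlisted'], true)) { $visibility = 'private'; }`. The same rule is written a second time, as a nested ternary, in ApiV1Controller, so a single shared helper would keep the two compose paths from drifting apart. The enclosing method starts and ends outside the hunk.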