summaryrefslogtreecommitdiff
path: root/priv/static/packs/features/list_timeline.js
diff options
context:
space:
mode:
authorrinpatch <rinpatch@sdf.org>2019-05-31 15:25:17 +0300
committerrinpatch <rinpatch@sdf.org>2019-05-31 15:25:17 +0300
commitd9c0650ff9afd66c15d960b727dc2e6ed37477a3 (patch)
tree06a39da5c79cf25a32df34db84b8f11b0692faeb /priv/static/packs/features/list_timeline.js
parenta9eaa558853460b811d134b49fb00b017b772e94 (diff)
downloadpleroma-d9c0650ff9afd66c15d960b727dc2e6ed37477a3.tar.gz
pleroma-d9c0650ff9afd66c15d960b727dc2e6ed37477a3.zip
Mastodon API: Fix lists leaking private posts
Our previous list visibility resolver grabbed posts if either follower collection of the user in a list who is followed is in `to` or if follower collection of the user in a list was in `cc`. This not only missed unlisted posts but also lead to leaking private posts when `fix_explicit_addressing` mistakingly started putting follower collections to `cc` (also fixed in this MR). Reported by @kurisu@iscute.moe via a DM
Diffstat (limited to 'priv/static/packs/features/list_timeline.js')
0 files changed, 0 insertions, 0 deletions