From 70bcdf32bdf98c02d9f44c07cbcf74d4c59ed299 Mon Sep 17 00:00:00 2001 From: lain Date: Sat, 7 Apr 2018 16:40:03 +0200 Subject: Only search in public data for now. This should be the data the user is allowed to see later, but this will stop accidental private message leaks. --- lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 + lib/pleroma/web/twitter_api/twitter_api.ex | 1 + 2 files changed, 2 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index ccba4710a..6339704a2 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -507,6 +507,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do from( a in Activity, where: fragment("?->>'type' = 'Create'", a.data), + where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, where: fragment( "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 027b97154..c12cd7f8a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -193,6 +193,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do from( a in Activity, where: fragment("?->>'type' = 'Create'", a.data), + where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, where: fragment( "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", -- cgit v1.2.3