From 70bcdf32bdf98c02d9f44c07cbcf74d4c59ed299 Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Sat, 7 Apr 2018 16:40:03 +0200
Subject: Only search in public data for now.

This should be the data the user is allowed to see later, but this
will stop accidental private message leaks.
---
 lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 +
 lib/pleroma/web/twitter_api/twitter_api.ex              | 1 +
 2 files changed, 2 insertions(+)

(limited to 'lib')

diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
index ccba4710a..6339704a2 100644
--- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
+++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex
@@ -507,6 +507,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
       from(
         a in Activity,
         where: fragment("?->>'type' = 'Create'", a.data),
+        where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
         where:
           fragment(
             "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex
index 027b97154..c12cd7f8a 100644
--- a/lib/pleroma/web/twitter_api/twitter_api.ex
+++ b/lib/pleroma/web/twitter_api/twitter_api.ex
@@ -193,6 +193,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
       from(
         a in Activity,
         where: fragment("?->>'type' = 'Create'", a.data),
+        where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients,
         where:
           fragment(
             "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)",
-- 
cgit v1.2.3