diff options
| author | lain <lain@soykaf.club> | 2018-04-07 16:40:03 +0200 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2018-04-07 16:40:45 +0200 |
| commit | 70bcdf32bdf98c02d9f44c07cbcf74d4c59ed299 (patch) | |
| tree | 9095036ae6cb0ef8c468e47bf3091aa5facbc996 | |
| parent | a9203ab363fdedcf69c3f299063345e26b836a05 (diff) | |
| download | pleroma-70bcdf32bdf98c02d9f44c07cbcf74d4c59ed299.tar.gz | |
Only search in public data for now.
This should be the data the user is allowed to see later, but this
will stop accidental private message leaks.
| -rw-r--r-- | lib/pleroma/web/mastodon_api/mastodon_api_controller.ex | 1 | ||||
| -rw-r--r-- | lib/pleroma/web/twitter_api/twitter_api.ex | 1 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 7 |
3 files changed, 9 insertions, 0 deletions
diff --git a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex index ccba4710a..6339704a2 100644 --- a/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex +++ b/lib/pleroma/web/mastodon_api/mastodon_api_controller.ex @@ -507,6 +507,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do from( a in Activity, where: fragment("?->>'type' = 'Create'", a.data), + where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, where: fragment( "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", diff --git a/lib/pleroma/web/twitter_api/twitter_api.ex b/lib/pleroma/web/twitter_api/twitter_api.ex index 027b97154..c12cd7f8a 100644 --- a/lib/pleroma/web/twitter_api/twitter_api.ex +++ b/lib/pleroma/web/twitter_api/twitter_api.ex @@ -193,6 +193,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do from( a in Activity, where: fragment("?->>'type' = 'Create'", a.data), + where: "https://www.w3.org/ns/activitystreams#Public" in a.recipients, where: fragment( "to_tsvector('english', ?->'object'->>'content') @@ plainto_tsquery('english', ?)", diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 2c9cdd194..5d39c25c6 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -564,6 +564,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do user_three = insert(:user, %{nickname: "shp@heldscal.la", name: "I love 2hu"}) {:ok, activity} = CommonAPI.post(user, %{"status" => "This is about 2hu"}) + + {:ok, _activity} = + CommonAPI.post(user, %{ + "status" => "This is about 2hu, but private", + "visibility" => "private" + }) + {:ok, _} = CommonAPI.post(user_two, %{"status" => "This isn't"}) conn = |