diff options
| author | rinpatch <rinpatch@sdf.org> | 2019-05-31 15:25:17 +0300 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2019-05-31 15:25:17 +0300 |
| commit | d9c0650ff9afd66c15d960b727dc2e6ed37477a3 (patch) | |
| tree | 06a39da5c79cf25a32df34db84b8f11b0692faeb /lib | |
| parent | a9eaa558853460b811d134b49fb00b017b772e94 (diff) | |
| download | pleroma-d9c0650ff9afd66c15d960b727dc2e6ed37477a3.tar.gz | |
Mastodon API: Fix lists leaking private posts
Our previous list visibility resolver grabbed posts if either follower
collection of the user in a list who is followed is in `to` or if
follower collection of the user in a list was in `cc`. This not only
missed unlisted posts but also lead to leaking private posts when
`fix_explicit_addressing` mistakingly started putting follower collections
to `cc` (also fixed in this MR).
Reported by @kurisu@iscute.moe via a DM
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/activity_pub/activity_pub.ex | 27 |
1 files changed, 11 insertions, 16 deletions
diff --git a/lib/pleroma/web/activity_pub/activity_pub.ex b/lib/pleroma/web/activity_pub/activity_pub.ex index aa0229db7..498b1a342 100644 --- a/lib/pleroma/web/activity_pub/activity_pub.ex +++ b/lib/pleroma/web/activity_pub/activity_pub.ex @@ -653,20 +653,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do defp restrict_tag(query, _), do: query - defp restrict_to_cc(query, recipients_to, recipients_cc) do - from( - activity in query, - where: - fragment( - "(?->'to' \\?| ?) or (?->'cc' \\?| ?)", - activity.data, - ^recipients_to, - activity.data, - ^recipients_cc - ) - ) - end - defp restrict_recipients(query, [], _user), do: query defp restrict_recipients(query, recipients, nil) do @@ -889,9 +875,18 @@ defmodule Pleroma.Web.ActivityPub.ActivityPub do |> Enum.reverse() end - def fetch_activities_bounded(recipients_to, recipients_cc, opts \\ %{}) do + def fetch_activities_bounded_query(query, recipients, recipients_with_public) do + from(activity in query, + where: + fragment("? && ?", activity.recipients, ^recipients) or + (fragment("? && ?", activity.recipients, ^recipients_with_public) and + "https://www.w3.org/ns/activitystreams#Public" in activity.recipients) + ) + end + + def fetch_activities_bounded(recipients, recipients_with_public, opts \\ %{}) do fetch_activities_query([], opts) - |> restrict_to_cc(recipients_to, recipients_cc) + |> fetch_activities_bounded_query(recipients, recipients_with_public) |> Pagination.fetch_paginated(opts) |> Enum.reverse() end |