GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Add a check to prevent replying to an unscoped notice

Browse Source
This commit is contained in:
Evan Prodromou 2011-03-28 12:01:08 -04:00
parent 5147404ea2
commit b0deaad700
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
classes/Notice.php
View File

@ -351,6 +351,10 @@ class Notice extends Memcached_DataObject
if (!empty($notice->reply_to)) { if (!empty($notice->reply_to)) {
$reply = Notice::staticGet('id', $notice->reply_to); $reply = Notice::staticGet('id', $notice->reply_to);
if (!$reply->inScope($profile)) {
throw new ClientException(sprintf(_("%s has no access to notice %d"),
$profile->nickname, $reply->id), 403);
}
$notice->conversation = $reply->conversation; $notice->conversation = $reply->conversation;
} }