Update Compose apis, prevent private accounts from posting public or unlisted scopes

Daniel Supernault 2021-02-24 20:06:58 -07:00
parent 43201a70e6
commit f53bfa6fa6
No known key found for this signature in database
GPG key ID: 0DEF1C662C9033F7
2 changed files with 13 additions and 7 deletions


@ -96,9 +96,8 @@ class ComposeController extends Controller
$photo = $request->file('file');
$mimes = explode(',', config('pixelfed.media_types'));
if(in_array($photo->getMimeType(), $mimes) == false) {
return;
}
abort_if(in_array($photo->getMimeType(), $mimes) == false, 400, 'Invalid media format');
$storagePath = MediaPathService::get($user, 2);
$path = $photo->store($storagePath);
@ -399,6 +398,7 @@ class ComposeController extends Controller
}
$visibility = $profile->unlisted == true && $visibility == 'public' ? 'unlisted' : $visibility;
$visibility = $profile->is_private ? 'private' : $visibility;
$cw = $profile->cw == true ? true : $cw;
$status->is_nsfw = $cw;
$status->visibility = $visibility;
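Review bot: In the first hunk the new `abort_if(in_array($photo->getMimeType(), $mimes) == false, ...)` still compares loosely, and `getMimeType()` can return null when the type cannot be determined. With a non-strict `in_array`, null matches an empty entry in `pixelfed.media_types` (an unset value or a trailing comma), so an unidentifiable upload would pass the allow-list. Pass the strict flag: `abort_if(!in_array($photo->getMimeType(), $mimes, true), 400, 'Invalid media format');`. In the second hunk the `is_private` override is applied only at this point in the controller; any status-creation path not shown on this page presumably needs the same rule, which is worth confirming. Both enclosing methods start and end outside the hunks.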