github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-31 16:14:16 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: correct local onebox category checks

Browse Source
This commit is contained in:
Sam 2018-02-14 10:44:06 +11:00
parent f655936b9d
commit 7174b100f9
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/onebox/engine/discourse_local_onebox.rb
View File

@ -84,12 +84,12 @@ module Onebox
def can_see_post?(post, source_topic)
return false if post.nil? || post.hidden || post.trashed? || post.topic.nil?
Guardian.new.can_see_post?(post) || same_category?(post.topic.category, source_topic)
Guardian.new.can_see_post?(post)
end
def can_see_topic?(topic, source_topic)
return false if topic.nil? || topic.trashed? || topic.private_message?
Guardian.new.can_see_topic?(topic) || same_category?(topic.category, source_topic)
Guardian.new.can_see_topic?(topic)
end
def same_category?(category, source_topic)