From 7174b100f958e0acbf577a85ab9827702cea3c07 Mon Sep 17 00:00:00 2001
From: Sam
Date: Wed, 14 Feb 2018 10:44:06 +1100
Subject: [PATCH] SECURITY: correct local onebox category checks
---
 lib/onebox/engine/discourse_local_onebox.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/onebox/engine/discourse_local_onebox.rb b/lib/onebox/engine/discourse_local_onebox.rb
index a1ce9ebe822..e4560949bec 100644
--- a/lib/onebox/engine/discourse_local_onebox.rb
+++ b/lib/onebox/engine/discourse_local_onebox.rb
@@ -84,12 +84,12 @@ module Onebox
 def can_see_post?(post, source_topic)
 return false if post.nil? || post.hidden || post.trashed? || post.topic.nil?
- Guardian.new.can_see_post?(post) || same_category?(post.topic.category, source_topic)
+ Guardian.new.can_see_post?(post)
 end
 def can_see_topic?(topic, source_topic)
 return false if topic.nil? || topic.trashed? || topic.private_message?
- Guardian.new.can_see_topic?(topic) || same_category?(topic.category, source_topic)
+ Guardian.new.can_see_topic?(topic)
 end
 def same_category?(category, source_topic)
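Review bot: After this change `source_topic` is no longer read in either `can_see_post?` or `can_see_topic?`, and `same_category?` (its definition starts on the last context line and continues outside the hunk) seems to have lost both of its visible callers. Leaving the unused parameter and helper in place makes it easy for a later edit to reintroduce the category shortcut. I would remove the helper if nothing else calls it, or at least put a comment above each Guardian call such as `# Visibility is decided by the anonymous Guardian only; do not widen it based on the source topic's category.` The diffstat lists a single changed file, so no regression spec comes with the fix. A spec should assert that a post or topic in a read-restricted category is not oneboxed when linked from another topic in that same category.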