
Update Compose apis, prevent private accounts from posting public or unlisted scopes

Daniel Supernault 4 years ago
parent
commit
f53bfa6fa6

+ 10 - 4
app/Http/Controllers/Api/ApiV1Controller.php

@@ -1753,6 +1753,12 @@ class ApiV1Controller extends Controller
         $in_reply_to_id = $request->input('in_reply_to_id');
         $user = $request->user();
 
+        $visibility = $profile->is_private ? 'private' : (
+            $profile->unlisted == true && 
+            $request->input('visibility', 'public') == 'public' ? 
+            'unlisted' : 
+            $request->input('visibility', 'public'));
+
         if($user->last_active_at == null) {
             return [];
         }
@@ -1762,8 +1768,8 @@ class ApiV1Controller extends Controller
 
             $status = new Status;
             $status->caption = strip_tags($request->input('status'));
-            $status->scope = $request->input('visibility', 'public');
-            $status->visibility = $request->input('visibility', 'public');
+            $status->scope = $visibility;
+            $status->visibility = $visibility;
             $status->profile_id = $user->profile_id;
             $status->is_nsfw = $user->profile->cw == true ? true : $request->input('sensitive', false);
             $status->in_reply_to_id = $parent->id;
@@ -1805,8 +1811,8 @@ class ApiV1Controller extends Controller
                 abort(400, 'Invalid media ids');
             }
 
-            $status->scope = $request->input('visibility', 'public');
-            $status->visibility = $request->input('visibility', 'public');
+            $status->scope = $visibility;
+            $status->visibility = $visibility;
             $status->type = StatusController::mimeTypeCheck($mimes);
             $status->save();
         }
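Review bot: The value the new `$visibility` expression at the top of the first hunk pulls from `$request->input('visibility', 'public')` is still never checked against an allowlist — for a profile that is neither private nor unlisted, whatever string the client sends is written verbatim into both `scope` and `visibility`, and an unlisted profile can still submit any non-`public` value unchanged. Unless a validation rule above this hunk already constrains the field, add `abort_unless(in_array($visibility, ['public', 'unlisted', 'private'], true), 400, 'Invalid visibility');` directly after the assignment, before either branch persists the status. The expression also reads `$profile` although only `$user` is assigned in the visible lines; if `$profile` is not set earlier in the method, `is_private` is evaluated on null and every post falls through to the request-supplied value, so `$user->profile->is_private` (the hunk already uses `$user->profile->cw` below) would be the safer reference. The enclosing method starts before and ends after these hunks.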

+ 3 - 3
app/Http/Controllers/ComposeController.php

@@ -96,9 +96,8 @@ class ComposeController extends Controller
 		$photo = $request->file('file');
 
 		$mimes = explode(',', config('pixelfed.media_types'));
-		if(in_array($photo->getMimeType(), $mimes) == false) {
-			return;
-		}
+
+		abort_if(in_array($photo->getMimeType(), $mimes) == false, 400, 'Invalid media format');
 
 		$storagePath = MediaPathService::get($user, 2);
 		$path = $photo->store($storagePath);
@@ -399,6 +398,7 @@ class ComposeController extends Controller
 		}
 
 		$visibility = $profile->unlisted == true && $visibility == 'public' ? 'unlisted' : $visibility;
+		$visibility = $profile->is_private ? 'private' : $visibility;
 		$cw = $profile->cw == true ? true : $cw;
 		$status->is_nsfw = $cw;
 		$status->visibility = $visibility;
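Review bot: The `is_private` override added at the end of the second hunk re-implements, in a different shape, the same scope-coercion rule the commit adds to ApiV1Controller, so the web and API entry points will drift the next time the rule changes; a single helper (for example a profile method that takes the requested visibility and returns the effective one) called from both controllers would keep them enforcing identical rules. Whether `$visibility` itself is limited to the three known values cannot be seen here; if the validation above this method does not do that, the same allowlist check belongs before this line. In the first hunk, `in_array($photo->getMimeType(), $mimes)` compares loosely against strings split from config — pass `true` as the third argument and trim the list, `$mimes = array_map('trim', explode(',', config('pixelfed.media_types')));`, so a stray space or loose comparison cannot admit an unexpected type. Both hunks sit inside methods that begin and end outside the visible lines.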