mirror of
https://github.com/discourse/discourse.git
synced 2025-02-21 19:55:43 +00:00
SECURITY: correct local onebox category checks
This commit is contained in:
parent
f655936b9d
commit
7174b100f9
@ -84,12 +84,12 @@ module Onebox
|
||||
|
||||
def can_see_post?(post, source_topic)
|
||||
return false if post.nil? || post.hidden || post.trashed? || post.topic.nil?
|
||||
Guardian.new.can_see_post?(post) || same_category?(post.topic.category, source_topic)
|
||||
Guardian.new.can_see_post?(post)
|
||||
end
|
||||
|
||||
def can_see_topic?(topic, source_topic)
|
||||
return false if topic.nil? || topic.trashed? || topic.private_message?
|
||||
Guardian.new.can_see_topic?(topic) || same_category?(topic.category, source_topic)
|
||||
Guardian.new.can_see_topic?(topic)
|
||||
end
|
||||
|
||||
def same_category?(category, source_topic)
|
||||
|
Loading…
x
Reference in New Issue
Block a user