Fix potential private status leak (#10969)

author ThibG <thib@sitedethib.com>

Wed, 5 Jun 2019 11:40:20 +0000 (13:40 +0200)

committer Eugen Rochko <eugen@zeonfederated.com>

Wed, 5 Jun 2019 11:40:20 +0000 (13:40 +0200)
author ThibG <thib@sitedethib.com>
Wed, 5 Jun 2019 11:40:20 +0000 (13:40 +0200)
committer Eugen Rochko <eugen@zeonfederated.com>
Wed, 5 Jun 2019 11:40:20 +0000 (13:40 +0200)
diff --git a/app/controllers/statuses_controller.rb b/app/controllers/statuses_controller.rb

index e60646ba33848c439e61869767e102266ab09bd4..b8f4e675ed80b7b3ff4cff648f95dc10ee618279 100644 (file)
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -27,7 +27,7 @@ class StatusesController < ApplicationController
    def show
      respond_to do |format|
        format.html do
-        unless user_signed_in?
+        if current_account.nil?
            skip_session!
            expires_in 10.seconds, public: true
          end
author	ThibG <thib@sitedethib.com>
	Wed, 5 Jun 2019 11:40:20 +0000 (13:40 +0200)
committer	Eugen Rochko <eugen@zeonfederated.com>
	Wed, 5 Jun 2019 11:40:20 +0000 (13:40 +0200)