From: William Pitcock <nenolod@dereferenced.org>
Date: Sat, 25 Nov 2017 00:36:08 +0000 (-0600)
Subject: status: preserve visibility attribute when reblogging (infoleak fix) (#5789)
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=32987004c95aebfc390b7cd9e93d9a386095c0a0;p=mastodon.git

status: preserve visibility attribute when reblogging (infoleak fix) (#5789)

this should fix *all* remaining visibility-related mastodon ostatus infoleaks.
thanks to @csaurus@gnusocial.de for pointing out the infoleak.
---

diff --git a/app/models/status.rb b/app/models/status.rb
index d6810941a..8579ff9e4 100644
--- a/app/models/status.rb
+++ b/app/models/status.rb
@@ -278,6 +278,7 @@ class Status < ApplicationRecord
 
   def set_visibility
     self.visibility = (account.locked? ? :private : :public) if visibility.nil?
+    self.visibility = reblog.visibility if reblog?
     self.sensitive  = false if sensitive.nil?
   end