mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-10 18:35:56 +02:00
Code Issues Releases Wiki Activity

Merge pull request from GHSA-22m9-m3ww-53h3

Browse Source 
* fix: check post visibility when mentioning

Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>

* fix: `mentionsPosts` include is not used and leaks private posts

Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>

* chre: use `PostRepository`

Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>

Signed-off-by: Sami Mazouz <sychocouldy@gmail.com>
This commit is contained in:
Sami Mazouz
2023-01-10 12:43:46 +01:00
parent 8a65ad980d
commit 132fdea659
6 changed files with 52 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
extensions/mentions/extend.php
View File

@@ -91,11 +91,9 @@ return [
]),
(new Extend\ApiController(Controller\CreatePostController::class))
->addInclude(['mentionsPosts', 'mentionsPosts.mentionedBy'])
->addOptionalInclude('mentionsGroups'),
(new Extend\ApiController(Controller\UpdatePostController::class))
->addInclude(['mentionsPosts', 'mentionsPosts.mentionedBy'])
->addOptionalInclude('mentionsGroups'),
(new Extend\ApiController(Controller\AbstractSerializeController::class))