security fix: statuses with visibility marked unlisted, private, and direct could be displayed publicly
This commit is contained in:
parent
98d4c111c2
commit
497c851ee3
|
@ -173,7 +173,7 @@ class FediClient
|
||||||
|
|
||||||
$account_id = self::$acct_id;
|
$account_id = self::$acct_id;
|
||||||
|
|
||||||
$response = $this->_get("/api/v1/accounts/{$account_id}", null, $headers);
|
$response = $this->_get("/api/v1/accounts/{$account_id}", null, null);
|
||||||
|
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
|
@ -174,7 +174,7 @@ class FediConfig
|
||||||
|
|
||||||
//getStatus from remote instance
|
//getStatus from remote instance
|
||||||
$status = $client->getStatus($atts['only_media'], $atts['pinned'], $atts['exclude_replies'], null, null, null, $atts['limit'], $atts['exclude_reblogs']);
|
$status = $client->getStatus($atts['only_media'], $atts['pinned'], $atts['exclude_replies'], null, null, null, $atts['limit'], $atts['exclude_reblogs']);
|
||||||
//if(WP_DEBUG_DISPLAY === true): echo '<details><summary>Mastodon</summary><pre>'; var_dump($client->getStatus($atts['only_media'], $atts['pinned'], $atts['exclude_replies'], null, null, null, $atts['limit'], $atts['exclude_reblogs'])); echo '</pre></details>'; endif;
|
//if(WP_DEBUG_DISPLAY === true): echo '<details><summary>Mastodon</summary><pre>'; var_dump($status); echo '</pre></details>'; endif;
|
||||||
$show_header = $atts['show_header'];
|
$show_header = $atts['show_header'];
|
||||||
$account = $status[0]->account;
|
$account = $status[0]->account;
|
||||||
include(plugin_dir_path(__FILE__) . 'templates/mastodon.tpl.php' );
|
include(plugin_dir_path(__FILE__) . 'templates/mastodon.tpl.php' );
|
||||||
|
|
Loading…
Reference in New Issue