Fix potential private status leak (#10969)

7fa23ec6 · ThibG · Eugen Rochko · d34a3a2c · 7fa23ec6
Commit 7fa23ec6 authored 5 years ago by ThibG Committed by Eugen Rochko 5 years ago
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@@ -27,7 +27,7 @@ class StatusesController < ApplicationController
  def show
    respond_to do |format|
      format.html do
-        unless user_signed_in?
+        if current_account.nil?
          skip_session!
          expires_in 10.seconds, public: true
        end