From: Evan Prodromou
Date: Mon, 28 Mar 2011 16:01:08 +0000 (-0400)
Subject: Add a check to prevent replying to an unscoped notice
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=b0deaad700e72a06bf11f044236ed9c27e0eccff;p=quix0rs-gnu-social.git
Add a check to prevent replying to an unscoped notice
---
diff --git a/classes/Notice.php b/classes/Notice.php
index 69ed959f38..3780d52d56 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -351,6 +351,10 @@ class Notice extends Memcached_DataObject
 if (!empty($notice->reply_to)) {
 $reply = Notice::staticGet('id', $notice->reply_to);
+ if (!$reply->inScope($profile)) {
+ throw new ClientException(sprintf(_("%s has no access to notice %d"),
+ $profile->nickname, $reply->id), 403);
+ }
 $notice->conversation = $reply->conversation;
 }
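Review bot: The added `$reply->inScope($profile)` call runs without checking that `Notice::staticGet('id', $notice->reply_to)` actually returned a notice. If that lookup can come back empty for a deleted or bogus `reply_to` id (the helper's behaviour on a miss is not visible in this hunk), the method call ends in a fatal error instead of the intended 403, and `reply_to` may well be client-supplied. I would fold both cases into one guard, `if (empty($reply) || !$reply->inScope($profile)) {`, and pass `$notice->reply_to` rather than `$reply->id` to `sprintf`, so a missing notice and an out-of-scope one produce the same response. The enclosing method starts and ends outside the hunk, so this assumes `$profile` is already set at this point.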