From dba2d574b1daf80c4fe834aae408ffc9a8e49e57 Mon Sep 17 00:00:00 2001
From: Philipp Holzer
Date: Wed, 23 Oct 2019 21:29:17 +0200
Subject: [PATCH] Adapt because of feedback
---
 src/Module/Item/Ignored.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/Module/Item/Ignored.php b/src/Module/Item/Ignored.php
index c629b0d2e9..f37c5ab3a7 100644
--- a/src/Module/Item/Ignored.php
+++ b/src/Module/Item/Ignored.php
@@ -49,13 +49,12 @@ class Ignored extends BaseModule
 case local_user():
 $dba->update('thread', ['ignored' => $ignored], ['iid' => $message_id]);
 break;
- // Empty or 0 (null will get transformed to 0) => it's a public post
+ // 0 (null will get transformed to 0) => it's a public post
 case 0:
- case '':
 $dba->update('user-item', ['ignored' => $ignored], ['iid' => $message_id, 'uid' => local_user()], true);
 break;
- // In case we retrieved a thread which isn't our or a public, it's a forbidden action
- // but due to security reason (brute force), we print a Bad request exception
+ // Throws a BadRequestException and not a ForbiddenException on purpose
+ // Avoids harvesting existing, but forbidden IIDs (security issue)
 default:
 throw new HTTPException\BadRequestException();
 }
-- 
2.39.5
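Review bot: The `case local_user():` and `case 0:` labels are matched by `switch` with loose `==`, so dropping `case '':` keeps the old behaviour only where `'' == 0` holds; under PHP 8 comparison rules an empty-string value would fall through to `default:` and be rejected. The switch subject and any login check sit outside this hunk, so the following is hedged: because `case local_user():` is tested first, a falsy `local_user()` would also match a value of 0 and take the branch that updates `thread` with only the `iid` condition. I would cast the subject to int and state the precondition above the switch, e.g. `// switch compares with ==; subject is cast to int and local_user() is non-zero here`. The new `default:` comment holds only if an unknown IID produces the same BadRequestException response as a forbidden one, which the lookup before the hunk would need to confirm.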