Skip to content

Prevent users from attaching other users' attachments

mint requested to merge (removed):develop into develop

This should prevent a possible scenario when a malicious user iterates through object IDs when creating/previewing a status in order to gain access to media that were posted by other users privately (e.g. with direct scope).

Merge request reports