Skip to content

Prevent users from attaching other users' attachments

Howard Al-Azif requested to merge (removed):develop into develop

This should prevent a possible scenario when a malicious user iterates through object IDs when creating/previewing a status in order to gain access to media that were posted by other users privately (e.g. with direct scope).

Merge request reports

Loading