Mercurial > rsstweet
comparison app/controllers/tweets_controller.rb @ 235:4222343d9433 legit-client
No access to protected user
| author | nanaya <me@nanaya.net> |
|---|---|
| date | Fri, 14 Jul 2023 22:43:40 +0900 |
| parents | 7a773720d81f |
| children |
comparison
equal
deleted
inserted
replaced
| 234:7a773720d81f | 235:4222343d9433 |
|---|---|
| 8 | 8 |
| 9 @user = CachedFetch.user_by_id params[:id] | 9 @user = CachedFetch.user_by_id params[:id] |
| 10 | 10 |
| 11 if @user.nil? | 11 if @user.nil? |
| 12 head :not_found | 12 head :not_found |
| 13 return | |
| 14 end | |
| 15 | |
| 16 if @user[:protected] | |
| 17 head :forbidden | |
| 13 return | 18 return |
| 14 end | 19 end |
| 15 | 20 |
| 16 return redirect if normalized_screen_name != params[:name] | 21 return redirect if normalized_screen_name != params[:name] |
| 17 | 22 |