Mercurial > rsstweet
changeset 235:4222343d9433 legit-client
No access to protected user
| author | nanaya <me@nanaya.net> |
|---|---|
| date | Fri, 14 Jul 2023 22:43:40 +0900 |
| parents | 7a773720d81f |
| children | 498043313523 |
| files | app/controllers/tweets_controller.rb |
| diffstat | 1 files changed, 5 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/app/controllers/tweets_controller.rb Fri Jul 14 22:42:20 2023 +0900 +++ b/app/controllers/tweets_controller.rb Fri Jul 14 22:43:40 2023 +0900 @@ -13,6 +13,11 @@ return end + if @user[:protected] + head :forbidden + return + end + return redirect if normalized_screen_name != params[:name] @tweets = CachedFetch.timeline params[:id]