github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 04:31:10 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SECURITY: Ensure users can see the topic before setting a topic timer. (#10841)

Browse Source
This commit is contained in:
Roman Rizzi
2020-10-06 16:49:06 -03:00
committed by GitHub
parent e3b2fc6074
commit a8c47e7c7f
4 changed files with 51 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/topics_controller.rb
View File

@ -453,6 +453,7 @@ class TopicsController < ApplicationController
params.require(:duration) if based_on_last_post
topic = Topic.find_by(id: params[:topic_id])
guardian.ensure_can_see!(topic)
guardian.ensure_can_moderate!(topic)
options = {