diff options
| author |  nicole mikołajczyk <git@mkljczk.pl> | 2025-06-09 16:26:49 +0200 |
|---|---|---|
| committer |  tobi <kipvandenbos@noreply.codeberg.org> | 2025-06-09 16:26:49 +0200 |
| commit | 3f1c3c0dacafce8a4421e5d2570adf2084f29756 (patch) | |
| tree | 474638976076e2780b9d45ba340ee52094e08ede /internal/processing/status/create.go | |
| parent | [feature] enable footnote extension for markdown parser (#4251) (diff) | |
| download | gotosocial-3f1c3c0dacafce8a4421e5d2570adf2084f29756.tar.xz | |
[bugfix] return 422 for invalid status visibility (#4252)
Signed-off-by: nicole mikołajczyk <git@mkljczk.pl>
# Description
closes #4247
## Checklist
Please put an x inside each checkbox to indicate that you've read and followed it: `[ ]` -> `[x]`
If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).
- [x] I/we have read the [GoToSocial contribution guidelines](https://codeberg.org/superseriousbusiness/gotosocial/src/branch/main/CONTRIBUTING.md).
- [ ] I/we have discussed the proposed changes already, either in an issue on the repository, or in the Matrix chat.
- [x] I/we have not leveraged AI to create the proposed changes.
- [x] I/we have performed a self-review of added code.
- [x] I/we have written code that is legible and maintainable by others.
- [ ] I/we have commented the added code, particularly in hard-to-understand areas.
- [ ] I/we have made any necessary changes to documentation.
- [x] I/we have added tests that cover new code.
- [x] I/we have run tests and they pass locally with the changes.
- [x] I/we have run `go fmt ./...` and `golangci-lint run`.
Reviewed-on: https://codeberg.org/superseriousbusiness/gotosocial/pulls/4252
Co-authored-by: nicole mikołajczyk <git@mkljczk.pl>
Co-committed-by: nicole mikołajczyk <git@mkljczk.pl>
Diffstat (limited to 'internal/processing/status/create.go')
| -rw-r--r-- | internal/processing/status/create.go | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/internal/processing/status/create.go b/internal/processing/status/create.go index f9f986256..3604d3a4a 100644 --- a/internal/processing/status/create.go +++ b/internal/processing/status/create.go @@ -218,7 +218,9 @@ func (p *Processor) Create( } // Process the incoming created status visibility. - processVisibility(form, requester.Settings.Privacy, status) + if errWithCode := processVisibility(form, requester.Settings.Privacy, status); errWithCode != nil { + return nil, errWithCode + } // Process policy AFTER visibility as it relies // on status.Visibility and form.Visibility being set. @@ -444,11 +446,20 @@ func processVisibility( form *apimodel.StatusCreateRequest, accountDefaultVis gtsmodel.Visibility, status *gtsmodel.Status, -) { +) gtserror.WithCode { switch { // Visibility set on form, use that. case form.Visibility != "": - status.Visibility = typeutils.APIVisToVis(form.Visibility) + visibility := typeutils.APIVisToVis(form.Visibility) + + if visibility == 0 { + const errText = "invalid visibility" + err := gtserror.New(errText) + errWithCode := gtserror.NewErrorUnprocessableEntity(err, err.Error()) + return errWithCode + } + + status.Visibility = visibility // Fall back to account default, set // this back on the form for later use. @@ -467,6 +478,8 @@ func processVisibility( // assuming federated (ie., not local-only) by default. localOnly := util.PtrOrValue(form.LocalOnly, false) status.Federated = util.Ptr(!localOnly) + + return nil } func processInteractionPolicy( |