From eb280d93a96ef1234051e391dc81b7f2506f70dd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?KMY=EF=BC=88=E9=9B=AA=E3=81=82=E3=81=99=E3=81=8B=EF=BC=89?=
 <tt@kmycode.net>
Date: Mon, 22 Jan 2024 08:50:44 +0900
Subject: [PATCH] =?UTF-8?q?Fix:=20=E3=83=89=E3=83=A1=E3=82=A4=E3=83=B3?=
 =?UTF-8?q?=E3=83=96=E3=83=AD=E3=83=83=E3=82=AF=E3=81=8COutbox=E3=81=AB?=
 =?UTF-8?q?=E3=81=8A=E3=81=84=E3=81=A6=E5=8B=95=E4=BD=9C=E3=81=97=E3=81=AA?=
 =?UTF-8?q?=E3=81=84=E5=95=8F=E9=A1=8C=20(LTS)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/lib/account_statuses_filter.rb       |  7 ++---
 spec/lib/account_statuses_filter_spec.rb | 33 ++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/app/lib/account_statuses_filter.rb b/app/lib/account_statuses_filter.rb
index b5c63c1693..9b279066d8 100644
--- a/app/lib/account_statuses_filter.rb
+++ b/app/lib/account_statuses_filter.rb
@@ -33,7 +33,8 @@ class AccountStatusesFilter
     available_visibilities -= [:unlisted] if (domain_block&.detect_invalid_subscription || misskey_software?) && @account.user&.setting_reject_unlisted_subscription
     available_visibilities -= [:login] if current_account.nil?
 
-    scope.merge!(scope.where(spoiler_text: ['', nil])) if domain_block&.reject_send_sensitive
+    scope.merge!(scope.where(sensitive: false)) if domain_block&.reject_send_sensitive
+
     scope.merge!(scope.where(searchability: available_searchabilities))
     scope.merge!(scope.where(visibility: available_visibilities))
 
@@ -155,9 +156,9 @@ class AccountStatusesFilter
   end
 
   def domain_block
-    return nil if @account.nil? || @account.local?
+    return nil if @current_account.nil? || @current_account.local?
 
-    @domain_block = DomainBlock.find_by(domain: @account.domain)
+    @domain_block = DomainBlock.find_by(domain: @current_account.domain)
   end
 
   def misskey_software?
diff --git a/spec/lib/account_statuses_filter_spec.rb b/spec/lib/account_statuses_filter_spec.rb
index 1f9868f2fb..7e2095588b 100644
--- a/spec/lib/account_statuses_filter_spec.rb
+++ b/spec/lib/account_statuses_filter_spec.rb
@@ -282,5 +282,38 @@ RSpec.describe AccountStatusesFilter do
 
       it_behaves_like 'filter params'
     end
+
+    context 'when accessed by remote user' do
+      let(:current_account) { Fabricate(:account, domain: 'example.com', uri: 'https://example.com/actor') }
+      let(:sensitive_status_with_cw) { Fabricate(:status, sensitive: true, spoiler_text: 'CW', account: account) }
+      let(:sensitive_status_with_media) do
+        Fabricate(:status, sensitive: true, spoiler_text: 'CW', account: account).tap do |status|
+          Fabricate(:media_attachment, account: account, status: status)
+        end
+      end
+
+      before do
+        Fabricate(:domain_block, domain: 'example.com', severity: :noop, reject_send_sensitive: true)
+      end
+
+      it 'returns everything' do
+        expect(subject.results.pluck(:visibility).uniq).to match_array %w(login unlisted public_unlisted public)
+      end
+
+      it 'returns replies' do
+        expect(subject.results.pluck(:in_reply_to_id)).to_not be_empty
+      end
+
+      it 'returns reblogs' do
+        expect(subject.results.pluck(:reblog_of_id)).to_not be_empty
+      end
+
+      it 'does not send sensitive posts' do
+        expect(subject.results.pluck(:id)).to_not include sensitive_status_with_cw.id
+        expect(subject.results.pluck(:id)).to_not include sensitive_status_with_media.id
+      end
+
+      it_behaves_like 'filter params'
+    end
   end
 end