From e133c82d4bea84a1aae8a64f2f25f1f3cb5e75c2 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Fri, 7 Feb 2014 14:10:45 +1100
Subject: [PATCH] SECURITY: check permissions for mailing list

if you deployed this feature in the last 2 hours upgrade asap.
---
 app/jobs/regular/notify_mailing_list_subscribers.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/jobs/regular/notify_mailing_list_subscribers.rb b/app/jobs/regular/notify_mailing_list_subscribers.rb
index 31ac2d5e85..b344c6360b 100644
--- a/app/jobs/regular/notify_mailing_list_subscribers.rb
+++ b/app/jobs/regular/notify_mailing_list_subscribers.rb
@@ -29,7 +29,9 @@ module Jobs
                        cu.notification_level = ?
                   )', post.topic.category_id, CategoryUser.notification_levels[:muted])
           .each do |user|
-            UserNotifications.mailing_list_notify(user, post).deliver
+            if Guardian.new(user).can_see?(post)
+              UserNotifications.mailing_list_notify(user, post).deliver
+            end
       end
 
     end