krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-15 05:37:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(chat): validate group membership, by @phillipthelen

Browse Source
This commit is contained in:
Sabe Jones
2024-06-11 13:14:47 -05:00
parent 758b6138c2
commit 5719e5e996
6 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/server/controllers/api-v3/chat.js
View File

@@ -295,7 +295,7 @@ api.likeChat = {
const group = await Group.getGroup({ user, groupId });
if (!group) throw new NotFound(res.t('groupNotFound'));
const message = await Chat.findOne({ _id: req.params.chatId }).exec();
const message = await Chat.findOne({ _id: req.params.chatId, groupId: group._id }).exec();
if (!message) throw new NotFound(res.t('messageGroupChatNotFound'));
if (!message.likes) message.likes = {};