krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-19 07:37:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(chat): validate group membership, by @phillipthelen

Browse Source
This commit is contained in:
Sabe Jones
2024-06-11 13:14:47 -05:00
parent 758b6138c2
commit 5719e5e996
6 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
website/server/libs/chatReporting/groupChatReporter.js
View File

@@ -36,7 +36,7 @@ export default class GroupChatReporter extends ChatReporter {
});
if (!group) throw new NotFound(this.res.t('groupNotFound'));
const message = await Chat.findOne({ _id: this.req.params.chatId }).exec();
const message = await Chat.findOne({ _id: this.req.params.chatId, groupId: group._id }).exec();
if (!message) throw new NotFound(this.res.t('messageGroupChatNotFound'));
if (message.uuid === 'system') throw new BadRequest(this.res.t('messageCannotFlagSystemMessages', { communityManagerEmail: COMMUNITY_MANAGER_EMAIL }));