StyAndCo/zappyzep
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dont allow self targeting for set-perms (#434)

Browse source 
Signed-off-by: GitHub <noreply@github.com>
This commit is contained in:
Tiago R 2023-12-27 18:35:16 +00:00 committed by GitHub
parent e5e574625a
commit f17232e0c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
backend/src/api/guilds.ts
View file

@ -126,7 +126,7 @@ export function initGuildsAPI(app: express.Express) {
if (type !== ApiPermissionTypes.User) { if (type !== ApiPermissionTypes.User) {
return clientError(res, "Invalid type"); return clientError(res, "Invalid type");
} }
if (!isSnowflake(targetId)) { if (!isSnowflake(targetId) || targetId === req.user!.userId) {
return clientError(res, "Invalid targetId"); return clientError(res, "Invalid targetId");
} }
const validPermissions = new Set(Object.values(ApiPermissions)); const validPermissions = new Set(Object.values(ApiPermissions));