StyAndCo/zeppelin
3
0
Fork 0
mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-03-15 05:41:51 +00:00
Code Releases Activity

dont allow self targeting for set-perms (#434)

Browse source 
Signed-off-by: GitHub <noreply@github.com>
This commit is contained in:
Tiago R 2023-12-27 18:35:16 +00:00 committed by GitHub
parent e5e574625a
commit f17232e0c1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
backend/src/api/guilds.ts
View file

@ -126,7 +126,7 @@ export function initGuildsAPI(app: express.Express) {
if (type !== ApiPermissionTypes.User) {
return clientError(res, "Invalid type");
}
if (!isSnowflake(targetId)) {
if (!isSnowflake(targetId) || targetId === req.user!.userId) {
return clientError(res, "Invalid targetId");
}
const validPermissions = new Set(Object.values(ApiPermissions));