StyAndCo/zeppelin
3
0
Fork 0
mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-07-07 02:57:20 +00:00
Code Releases Activity

dont allow self targeting for set-perms

Browse source 
Signed-off-by: GitHub <noreply@github.com>
This commit is contained in:
Tiago R 2023-11-26 12:55:06 +00:00 committed by GitHub
parent b47db15ad2
commit 99cb2e01d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
backend/src/api/guilds.ts
View file

@ -126,7 +126,7 @@ export function initGuildsAPI(app: express.Express) {
if (type !== ApiPermissionTypes.User) {
return clientError(res, "Invalid type");
}
if (!isSnowflake(targetId)) {
if (!isSnowflake(targetId) || targetId === req.user!.userId) {
return clientError(res, "Invalid targetId");
}
const validPermissions = new Set(Object.values(ApiPermissions));