mirror of https://gitlab.com/comunic/comunicapiv2 synced 2024-12-25 13:08:51 +00:00

Fix security issue

Pierre HUBERT 2020-06-18 13:16:36 +02:00
parent 096f2da6a4
commit 34f9abbb1c


@ -181,7 +181,7 @@ export class ConversationsController {
// Check for new conversations
if(h.hasPostParameter("newConversations")) {
for(const convID of h.postNumbersSet("newConversations", 0)) {
if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
list["conversation-" + convID] = (await ConversationsHelper.GetLastMessages(convID, 10))
@ -211,7 +211,7 @@ export class ConversationsController {
const lastMessageID = Number.parseInt(element.last_message_id);
// Check user rights
if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
// Get the messages
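Review bot: Both corrected membership checks (this one and the one in the hunk at line 181) still rely on `h.error(401, ...)` throwing to stop the handler, because the `if` has no braces and no `return`/`continue`, and the message fetch follows unconditionally. The definition of `h.error` is not visible in these hunks, so either confirm that it throws or make the abort explicit, e.g. `{ h.error(...); return; }` here and `continue` in the loop. The original defect was a Promise used as a boolean, which is always truthy, so `!promise` never rejected anyone. Assuming the project is linted with typescript-eslint, `@typescript-eslint/no-misused-promises` flags that pattern in conditionals and would catch any other un-awaited `DoesUsersBelongsTo` call outside these hunks. A regression test that requests a conversation the caller is not a member of, and expects a rejection, would pin the fix; the enclosing methods begin and end outside the hunks.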