mirror of
https://gitlab.com/comunic/comunicapiv2
synced 2024-12-25 13:08:51 +00:00
Fix security issue
This commit is contained in:
parent
096f2da6a4
commit
34f9abbb1c
@ -181,7 +181,7 @@ export class ConversationsController {
|
||||
// Check for new conversations
|
||||
if(h.hasPostParameter("newConversations")) {
|
||||
for(const convID of h.postNumbersSet("newConversations", 0)) {
|
||||
if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
|
||||
if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
|
||||
h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
|
||||
|
||||
list["conversation-" + convID] = (await ConversationsHelper.GetLastMessages(convID, 10))
|
||||
@ -211,7 +211,7 @@ export class ConversationsController {
|
||||
const lastMessageID = Number.parseInt(element.last_message_id);
|
||||
|
||||
// Check user rights
|
||||
if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
|
||||
if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
|
||||
h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
|
||||
|
||||
// Get the messages
|
||||
|
Loading…
Reference in New Issue
Block a user