Fix security issue

2025-11-04 03:24:04 +00:00 · 2020-06-18 13:16:36 +02:00
parent 096f2da6a4
commit 34f9abbb1c
1 changed files with 2 additions and 2 deletions
--- a/src/controllers/ConversationsController.ts
+++ b/src/controllers/ConversationsController.ts
@@ -181,7 +181,7 @@ export class ConversationsController {
 		// Check for new conversations
 		if(h.hasPostParameter("newConversations")) {
 			for(const convID of h.postNumbersSet("newConversations", 0)) {
-				if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
+				if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
 					h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
 				
 				list["conversation-" + convID] = (await ConversationsHelper.GetLastMessages(convID, 10))
@@ -211,7 +211,7 @@ export class ConversationsController {
 					const lastMessageID = Number.parseInt(element.last_message_id);

 					// Check user rights
-					if(!ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
+					if(!await ConversationsHelper.DoesUsersBelongsTo(h.getUserId(), convID))
 						h.error(401, "You are not allowed to fetch the messages of this conversation ("+convID+")!");
 					
 					// Get the messages