1
0
mirror of https://github.com/spacebarchat/server.git synced 2024-11-25 11:43:07 +01:00

Merge pull request from GHSA-9q7f-pv47-cxp9

This commit is contained in:
Madeline 2023-02-02 22:22:30 +11:00 committed by GitHub
parent a03f7c8948
commit 51239d60f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -63,6 +63,15 @@ router.patch(
where: { guild_id: guild_id, name: "@everyone", position: 0 },
});
if ("nick" in body) {
permission.hasThrow("MANAGE_NICKNAMES");
}
if (("bio" in body || "avatar" in body) && member_id != "@me") {
const rights = await getRights(req.user_id);
rights.hasThrow("MANAGE_USERS");
}
if (body.avatar)
body.avatar = await handleFile(
`/guilds/${guild_id}/users/${member_id}/avatars`,
@ -71,6 +80,8 @@ router.patch(
member.assign(body);
// must do this after the assign because the body roles array
// is string[] not Role[]
if ("roles" in body) {
permission.hasThrow("MANAGE_ROLES");
@ -79,7 +90,8 @@ router.patch(
if (body.roles.indexOf(everyone.id) === -1)
body.roles.push(everyone.id);
member.roles = body.roles.map((x) => Role.create({ id: x })); // foreign key constraint will fail if role doesn't exist
// foreign key constraint will fail if role doesn't exist
member.roles = body.roles.map((x) => Role.create({ id: x }));
}
await member.save();