first basic protection - #524

dakkar 2024-05-14 16:58:06 +01:00
parent 58bc8f2c10
commit 42d9da161b
2 changed files with 12 additions and 0 deletions


@ -627,6 +627,14 @@ export class NoteCreateService implements OnApplicationShutdown {
userHost: user.host, userHost: user.host,
}); });
// should really not happen, but better safe than sorry
if (data.reply?.id === insert.id) {
throw new Error("A note can't reply to itself");
}
if (data.renote?.id === insert.id) {
throw new Error("A note can't renote itself");
}
if (data.uri != null) insert.uri = data.uri; if (data.uri != null) insert.uri = data.uri;
if (data.url != null) insert.url = data.url; if (data.url != null) insert.url = data.url;
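Review bot: The two guards added before the `data.uri` assignment compare local ids only, so they reject a self-reference only when `data.reply` or `data.renote` already carries the id given to `insert`. A federated note that names its own URI as reply or renote target would presumably reach this point with a different local id, or none, and pass. If `data.uri` is populated for remote notes here, a URI comparison next to the id checks would close that, for example `if (data.uri != null && (data.reply?.uri === data.uri || data.renote?.uri === data.uri)) throw new Error("A note can't reference itself");`. The edit-service hunk checks only `data.renote.id` against `oldnote.id`; if an edit can also change the reply target, the same guard belongs there. The enclosing method starts and ends outside the hunk, so callers and any earlier validation are not visible.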


@ -299,6 +299,10 @@ export class NoteEditService implements OnApplicationShutdown {
} }
if (data.renote) { if (data.renote) {
if (data.renote.id === oldnote.id) {
throw new Error("A note can't renote itself");
}
switch (data.renote.visibility) { switch (data.renote.visibility) {
case 'public': case 'public':
// public noteは無条件にrenote可能 // public noteは無条件にrenote可能