first basic protection - #524
This commit is contained in:
parent
58bc8f2c10
commit
42d9da161b
@ -627,6 +627,14 @@ export class NoteCreateService implements OnApplicationShutdown {
|
||||
userHost: user.host,
|
||||
});
|
||||
|
||||
// should really not happen, but better safe than sorry
|
||||
if (data.reply?.id === insert.id) {
|
||||
throw new Error("A note can't reply to itself");
|
||||
}
|
||||
if (data.renote?.id === insert.id) {
|
||||
throw new Error("A note can't renote itself");
|
||||
}
|
||||
|
||||
if (data.uri != null) insert.uri = data.uri;
|
||||
if (data.url != null) insert.url = data.url;
|
||||
|
||||
|
@ -299,6 +299,10 @@ export class NoteEditService implements OnApplicationShutdown {
|
||||
}
|
||||
|
||||
if (data.renote) {
|
||||
if (data.renote.id === oldnote.id) {
|
||||
throw new Error("A note can't renote itself");
|
||||
}
|
||||
|
||||
switch (data.renote.visibility) {
|
||||
case 'public':
|
||||
// public noteは無条件にrenote可能
|
||||
|
Loading…
Reference in New Issue
Block a user