Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-09 07:25:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

9622 (#9625)

Browse Source 
* fix: #9622

dont allow regular user to remove system tags

* refactor: add guest/spider check to isPrivileged

string/trim tag
This commit is contained in:
Barış Soner Uşaklı
2021-06-22 12:21:52 -04:00
committed by GitHub
parent 0d975bc4fb
commit 1bf263c4a2
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/socket.io/topics/tags.js
View File

@@ -32,7 +32,7 @@ module.exports = function (SocketTopics) {
const systemTags = (meta.config.systemTags || '').split(','); const systemTags = (meta.config.systemTags || '').split(',');
const isPrivileged = await user.isPrivileged(socket.uid); const isPrivileged = await user.isPrivileged(socket.uid);
return isPrivileged || !systemTags.includes(data.tag); return isPrivileged || !systemTags.includes(String(data.tag).trim());
}; };
SocketTopics.autocompleteTags = async function (socket, data) { SocketTopics.autocompleteTags = async function (socket, data) {

3
src/user/index.js
View File

@@ -159,6 +159,9 @@ User.getPrivileges = async function (uid) {
}; };
User.isPrivileged = async function (uid) { User.isPrivileged = async function (uid) {
if (!(parseInt(uid, 10) > 0)) {
return false;
}
const results = await User.getPrivileges(uid); const results = await User.getPrivileges(uid);
return results ? (results.isAdmin || results.isGlobalModerator || results.isModeratorOfAnyCategory) : false; return results ? (results.isAdmin || results.isGlobalModerator || results.isModeratorOfAnyCategory) : false;
}; };