Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 00:56:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #13087, disallow following cid -1

Browse Source
This commit is contained in:
Julian Lam
2025-01-29 12:44:42 -05:00
parent 6d88dcb2b5
commit ddb6e0f32b
1 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/user/categories.js
View File

@@ -4,19 +4,25 @@ const _ = require('lodash');
const db = require('../database');
const categories = require('../categories');
const activitypub = require('../activitypub');
const plugins = require('../plugins');
const utils = require('../utils');
module.exports = function (User) {
User.setCategoryWatchState = async function (uid, cids, state) {
if (!activitypub.helpers.isUri(uid) && !(parseInt(uid, 10) > 0)) {
if (utils.isNumber(uid) && parseInt(uid, 10) <= 0) {
return;
}
const isStateValid = Object.values(categories.watchStates).includes(parseInt(state, 10));
if (!isStateValid) {
throw new Error('[[error:invalid-watch-state]]');
}
cids = Array.isArray(cids) ? cids : [cids];
cids = new Set(Array.isArray(cids) ? cids : [cids]);
cids.delete(-1); // cannot watch cid -1
cids.delete('-1');
cids = Array.from(cids);
const exists = await categories.exists(cids);
if (exists.includes(false)) {
throw new Error('[[error:no-category]]');