commit 3228f4eff5df7040dc97b45cdccd887139eb8d3d
parent 92b61faf19fa5c1ccec00cdc64584f51a0937cef
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 9 Jun 2023 00:28:28 -0700
extra security
Diffstat:
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -5127,7 +5127,9 @@ func ChatStreamMessagesHandler(c echo.Context) error {
// Register modals and send the css for them
modalsManager := streamModals.NewModalsManager()
modalsManager.Register(streamModals.NewCodeModal(authUser.ID, room))
- modalsManager.Register(streamModals.NewPurgeModal(authUser.ID, room))
+ if authUser.IsAdmin {
+ modalsManager.Register(streamModals.NewPurgeModal(authUser.ID, room))
+ }
send(modalsManager.Css())
data.ReadMarker, _ = db.GetUserReadMarker(authUser.ID, room.ID)
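Review bot: The `authUser.IsAdmin` gate around `NewPurgeModal` is evaluated once, when the stream is set up, so on a long-lived chat stream a user whose admin flag is cleared later keeps the modal registered until the connection ends. The permission is really enforced by the per-command check this commit adds in purgeModal.go, and that holds only if `cmd.AuthUser` is loaded per request rather than reused from stream start, which is not visible here. I would document the split with a comment above the `if`, e.g. `// Presentation only: non-admins never receive the purge modal; InterceptMsg re-checks IsAdmin on every command.` The handler body starts and ends outside the hunk.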
diff --git a/pkg/web/handlers/streamModals/purgeModal.go b/pkg/web/handlers/streamModals/purgeModal.go
@@ -122,7 +122,7 @@ func (_ PurgeModal) InterceptMsg(cmd *command.Command) {
username := database.Username(cmd.C.Request().PostFormValue("username"))
typ := cmd.C.Request().PostFormValue("typ")
- if sender != "purgeModal" {
+ if !cmd.AuthUser.IsAdmin || sender != "purgeModal" {
return
}
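Review bot: The added `!cmd.AuthUser.IsAdmin` test shares a condition with the `sender` match and returns silently, so a rejected purge request from a non-admin is indistinguishable from an unrelated command and leaves no audit trace. I would make the authorization check the first statement of the interceptor, before the `username` and `typ` form values are read, and log the denial there, e.g. `if !cmd.AuthUser.IsAdmin { /* log denied purge attempt */ return }`. If `AuthUser` is a pointer, also confirm it cannot be nil when interceptors run, since the new dereference would panic rather than reject. InterceptMsg starts above the hunk and the purge itself happens below it, so whether the downstream database call enforces the same permission cannot be judged from these lines.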