Fix arbitrary access to reminder list.
This commit is contained in:
parent
4a17aac15c
commit
01dc0334fd
@ -311,7 +311,15 @@ pub async fn create_guild_reminder(
|
|||||||
}
|
}
|
||||||
|
|
||||||
#[get("/api/guild/<id>/reminders")]
|
#[get("/api/guild/<id>/reminders")]
|
||||||
pub async fn get_reminders(id: u64, ctx: &State<Context>, pool: &State<Pool<MySql>>) -> JsonResult {
|
pub async fn get_reminders(
|
||||||
|
id: u64,
|
||||||
|
cookies: &CookieJar<'_>,
|
||||||
|
ctx: &State<Context>,
|
||||||
|
serenity_context: &State<Context>,
|
||||||
|
pool: &State<Pool<MySql>>,
|
||||||
|
) -> JsonResult {
|
||||||
|
check_authorization!(cookies, serenity_context.inner(), id);
|
||||||
|
|
||||||
let channels_res = GuildId(id).channels(&ctx.inner()).await;
|
let channels_res = GuildId(id).channels(&ctx.inner()).await;
|
||||||
|
|
||||||
match channels_res {
|
match channels_res {
|
||||||
|
@ -427,6 +427,14 @@ document.addEventListener("guildSwitched", async (e) => {
|
|||||||
`.switch-pane[data-guild="${e.detail.guild_id}"]`
|
`.switch-pane[data-guild="${e.detail.guild_id}"]`
|
||||||
);
|
);
|
||||||
|
|
||||||
|
let hasError = false;
|
||||||
|
|
||||||
|
if ($anchor === null) {
|
||||||
|
switch_pane("user-error");
|
||||||
|
hasError = true;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
switch_pane($anchor.dataset["pane"]);
|
switch_pane($anchor.dataset["pane"]);
|
||||||
reset_guild_pane();
|
reset_guild_pane();
|
||||||
$anchor.classList.add("is-active");
|
$anchor.classList.add("is-active");
|
||||||
@ -437,7 +445,7 @@ document.addEventListener("guildSwitched", async (e) => {
|
|||||||
.forEach((el) => el.classList.remove("is-locked"));
|
.forEach((el) => el.classList.remove("is-locked"));
|
||||||
}
|
}
|
||||||
|
|
||||||
let hasError = await fetch_channels(e.detail.guild_id);
|
hasError = await fetch_channels(e.detail.guild_id);
|
||||||
if (!hasError) {
|
if (!hasError) {
|
||||||
fetch_roles(e.detail.guild_id);
|
fetch_roles(e.detail.guild_id);
|
||||||
fetch_templates(e.detail.guild_id);
|
fetch_templates(e.detail.guild_id);
|
||||||
|
Loading…
Reference in New Issue
Block a user