Prevent blacklisted users from quoting messages

skychatorg · Mar 16, 2024 · 3c67a7f · 3c67a7f
1 parent 6e1761e
commit 3c67a7f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 11 deletions.
diff --git a/app/server/plugins/core/global/PrivateMessagePlugin.ts b/app/server/plugins/core/global/PrivateMessagePlugin.ts
@@ -36,17 +36,17 @@ export class PrivateMessagePlugin extends GlobalPlugin {
 
     async run(alias: string, param: string, connection: Connection): Promise<void> {
         switch (alias) {
-        case 'pm':
-            await this.handlePM(param, connection);
-            break;
+            case 'pm':
+                await this.handlePM(param, connection);
+                break;
 
-        case 'pmadd':
-            await this.handlePMAdd(param, connection);
-            break;
+            case 'pmadd':
+                await this.handlePMAdd(param, connection);
+                break;
 
-        case 'pmleave':
-            await this.handlePMLeave(param, connection);
-            break;
+            case 'pmleave':
+                await this.handlePMLeave(param, connection);
+                break;
         }
     }
 
@@ -104,7 +104,7 @@ export class PrivateMessagePlugin extends GlobalPlugin {
             throw new Error('You can not add yourself to a private room');
         }
         if (BlacklistPlugin.hasBlacklisted(session.user, connection.session.user.username)) {
-            throw new Error(`User ${param} has blacklisted you. You can not add him to this private room`);
+            throw new Error(`User ${session.user.username} has blacklisted you. You can not add him to this private room`);
         }
         if (room.whitelist.indexOf(session.identifier) !== -1) {
             throw new Error(`User ${param} is already in this private room`);

diff --git a/app/server/plugins/core/room/MessagePlugin.ts b/app/server/plugins/core/room/MessagePlugin.ts
@@ -5,6 +5,7 @@ import { RoomPlugin } from '../../RoomPlugin';
 import { DatabaseHelper } from '../../../skychat/DatabaseHelper';
 import SQL from 'sql-template-strings';
 import { MessageLimiterPlugin } from '../../security_extra/MessageLimiterPlugin';
+import { BlacklistPlugin } from '../global/BlacklistPlugin';
 
 export class MessagePlugin extends RoomPlugin {
     static readonly commandName = 'message';
@@ -38,7 +39,12 @@ export class MessagePlugin extends RoomPlugin {
             // Otherwise, try to find the quoted message in the database
             quoted = quoted || (await MessageController.getMessageById(quoteId));
 
-            // If quote found, remote the quote string from the message
+            // If author has blacklisted the user, we don't allow the quote
+            if (quoted && BlacklistPlugin.hasBlacklisted(quoted?.user, connection.session.user.username)) {
+                throw new Error(`User ${param} has blacklisted you. You can not quote his messages`);
+            }
+
+            // If quote found, remove the quote string from the message
             if (quoted) {
                 content = content.slice(quoteMatch[0].length);
             }