From 7a837624e366a789f5cb2ea1d34caa59617e9ed8 Mon Sep 17 00:00:00 2001 From: Juliusz Chroboczek Date: Wed, 8 May 2024 15:38:51 +0200 Subject: [PATCH] Enforce clearchat permissions in the server. It was only being enforced in the client. --- rtpconn/webclient.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rtpconn/webclient.go b/rtpconn/webclient.go index f4fe2be..483227c 100644 --- a/rtpconn/webclient.go +++ b/rtpconn/webclient.go @@ -1612,6 +1612,9 @@ func handleClientMessage(c *webClient, m clientMessage) error { } switch m.Kind { case "clearchat": + if !member("op", c.permissions) { + return c.error(group.UserError("not authorised")) + } g.ClearChatHistory() m := clientMessage{ Type: "usermessage",