DigitalPulseSoftware / NotaBot

Source code of the bot of the French programming Discord server NaN (Not a Name).
https://discord.gg/zcWp9sC
MIT License
26 stars 10 forks

[modo] Permissions should be checked on interaction #63

Closed RedsTom closed 1 year ago

RedsTom commented 1 year ago

Expected Behaviour:

The permissions of the moderator are checked before each action to ensure he is allowed to do the specified action (like ban, mute, open tickets, etc.).

⚠️ Actual Behaviour:

Any member with access to the channel who clicks on an interaction can ban, mute, etc. without any permission check.

📝 Proposal:

Add a permission check to see if the member/moderator clicking is allowed to execute the specific action.


https://github.com/DigitalPulseSoftware/NotaBot/blob/b1c8f3719a9f8674c0fa4a80b5d90b75eceac7bd/module_modo.lua#L513-L793

SirLynix commented 1 year ago

Yes indeed, this is a security issue. I will fix this ASAP.
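
The check proposed in this issue, sketched as an added example that is not NotaBot's code: each interaction action declares the permission it requires, and the member who clicked is authorized at click time, failing closed. The `ACTIONS` table, `handleInteraction`, `fakeMember` and the permission labels are hypothetical stand-ins, not the bot's or its Discord library's API.

```lua
-- Added example: stand-alone sketch, not NotaBot code. All names are hypothetical
-- and the permission labels are constructed strings.
local ACTIONS = {
  ban  = { permission = "banMembers",      run = function(target) return "banned " .. target end },
  mute = { permission = "moderateMembers", run = function(target) return "muted " .. target end },
}

-- Authorize the member who clicked, at click time, then dispatch.
-- Returns ok, message. Fails closed on unknown actions or unresolved members.
local function handleInteraction(interaction)
  local action = ACTIONS[interaction.action]
  if not action then return false, "unknown action" end
  local member = interaction.member
  if not member or not member:hasPermission(action.permission) then
    return false, "missing permission: " .. action.permission
  end
  return true, action.run(interaction.target)
end

-- Constructed stand-in for a guild member; a real bot would ask its Discord
-- library for the clicker's permissions instead.
local function fakeMember(name, perms)
  local granted = {}
  for _, p in ipairs(perms) do granted[p] = true end
  return {
    name = name,
    hasPermission = function(self, perm) return granted[perm] == true end,
  }
end

local moderator = fakeMember("moderator", { "banMembers", "moderateMembers" })
local helper    = fakeMember("helper", { "moderateMembers" })
local visitor   = fakeMember("visitor", {})

-- Constructed clicks on the same moderation message.
local clicks = {
  { member = moderator, action = "ban",  target = "user#1" },
  { member = helper,    action = "ban",  target = "user#1" },
  { member = helper,    action = "mute", target = "user#1" },
  { member = visitor,   action = "mute", target = "user#1" },
  { member = nil,       action = "ban",  target = "user#1" },
  { member = moderator, action = "kick", target = "user#1" },
}
for _, click in ipairs(clicks) do
  local ok, msg = handleInteraction(click)
  print((click.member and click.member.name or "<unresolved>"), click.action, ok and "ALLOW" or "DENY", msg)
end
```

Keeping the required permission next to each handler means a newly added button cannot be dispatched without an authorization decision being made for it.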