Nerimity / nerimity-server

GNU General Public License v3.0
36 stars 15 forks source link

APi endpoint with no safety #8

Closed bedros-p closed 1 year ago

bedros-p commented 1 year ago

/api/servers/<serverid>/invites/custom POST request with body of:

{
    "code":"<custom code here>"
}

Doesn't check if server id is that of a verified server, it's only a client side filter preventing users from making a custom URL

just removing the div that's positioned above it is enough to let me create a custom URL, or alternatively making a POST request to that endpoint with that request body

SupertigerDev commented 1 year ago

https://github.com/Nerimity/nerimity-server/commit/2417adba492b900f71a32cc20bf5cc79251eca54 Should be fixed, thanks 😄