Closed MatrixSystemPVP closed 6 months ago
Above green line is before change and under the green line is after change
I do not why this isn't patched yet but this is actually critical and can confirm this issue exists. I hope the maintainer @1chiSensei fixes this.
@MatrixSystemPVP Although I was just informed that the eval command can only be used by a bot owner so technically this PR is actually not necessary
@anjannair Yes the eval command can only be used by a bot owner, but still you could be forced by someone or somehow leak it accidentally. Things can happen you didn't belived it could ever happen. Since it's a easy fix it should't be a problem to merge this PR.
@MatrixSystemPVP I don't get how one can force you to run the eval comment. If forcing was so simple then they can even force you to reveal your token too. I guess the motive of this command to exist was to show the token.
@anjannair I don't know either how but everything is possible in this world
Before you could eval 'this.sensitivePattern' or 'this._sensitivePattern' to gain the token and now you can't since the escaped preifx will also get replaced in the result message.