MatrixSystemPVP
commented
3 years ago Above green line is before change and under the green line is after change
Closed MatrixSystemPVP closed 6 months ago
MatrixSystemPVP
commented
3 years ago Above green line is before change and under the green line is after change
anjannair
commented
2 years ago I do not why this isn't patched yet but this is actually critical and can confirm this issue exists. I hope the maintainer @1chiSensei fixes this.
anjannair
commented
2 years ago @MatrixSystemPVP Although I was just informed that the eval command can only be used by a bot owner so technically this PR is actually not necessary
MatrixSystemPVP
commented
2 years ago @anjannair Yes the eval command can only be used by a bot owner, but still you could be forced by someone or somehow leak it accidentally. Things can happen you didn't belived it could ever happen. Since it's a easy fix it should't be a problem to merge this PR.
anjannair
commented
2 years ago @MatrixSystemPVP I don't get how one can force you to run the eval comment. If forcing was so simple then they can even force you to reveal your token too. I guess the motive of this command to exist was to show the token.
MatrixSystemPVP
commented
2 years ago @anjannair I don't know either how but everything is possible in this world
Before you could eval 'this.sensitivePattern' or 'this._sensitivePattern' to gain the token and now you can't since the escaped preifx will also get replaced in the result message.