From 3e4e57d5543277cdf42da03b20229851eb24be69 Mon Sep 17 00:00:00 2001 From: ugla Date: Sat, 25 Jun 2022 11:14:05 +0200 Subject: [bugfix] disallow following or blocking yoursel (#667) Closes #664 --- internal/processing/account/createblock.go | 5 +++++ internal/processing/account/createfollow.go | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'internal/processing') diff --git a/internal/processing/account/createblock.go b/internal/processing/account/createblock.go index e1bad0d38..dfe1475cb 100644 --- a/internal/processing/account/createblock.go +++ b/internal/processing/account/createblock.go @@ -46,6 +46,11 @@ func (p *processor) BlockCreate(ctx context.Context, requestingAccount *gtsmodel return p.RelationshipGet(ctx, requestingAccount, targetAccountID) } + // don't block yourself, silly + if requestingAccount.ID == targetAccountID { + return nil, gtserror.NewErrorNotAcceptable(fmt.Errorf("BlockCreate: account %s cannot block itself", requestingAccount.ID)) + } + // make the block block := >smodel.Block{} newBlockID, err := id.NewULID() diff --git a/internal/processing/account/createfollow.go b/internal/processing/account/createfollow.go index cd2dcbd8c..49430b9fb 100644 --- a/internal/processing/account/createfollow.go +++ b/internal/processing/account/createfollow.go @@ -65,6 +65,11 @@ func (p *processor) FollowCreate(ctx context.Context, requestingAccount *gtsmode return p.RelationshipGet(ctx, requestingAccount, form.ID) } + // check for attempt to follow self + if requestingAccount.ID == targetAcct.ID { + return nil, gtserror.NewErrorNotAcceptable(fmt.Errorf("accountfollowcreate: account %s cannot follow itself", requestingAccount.ID)) + } + // make the follow request newFollowID, err := id.NewRandomULID() if err != nil { -- cgit v1.2.3