only allow users in the room to get raw message content

9 years ago · f71fd0a3ec
parent f4e502c793
commit f71fd0a3ec
3 changed files with 17 additions and 8 deletions
--- a/public/src/client/chats.js
+++ b/public/src/client/chats.js
@ -64,7 +64,7 @@ define('forum/chats', ['components', 'string', 'sounds', 'forum/infinitescroll',
 			.on('click', '[data-action="edit"]', function() {
 				var messageId = $(this).parents('[data-mid]').attr('data-mid');
 				var inputEl = components.get('chat/input');
-				Chats.prepEdit(inputEl, messageId);
+				Chats.prepEdit(inputEl, messageId, ajaxify.data.roomId);
 			})
 			.on('click', '[data-action="delete"]', function() {
 				var messageId = $(this).parents('[data-mid]').attr('data-mid');
@ -106,13 +106,13 @@ define('forum/chats', ['components', 'string', 'sounds', 'forum/infinitescroll',
 				var lastMid = message.attr('data-mid');
 				var inputEl = components.get('chat/input');

-				Chats.prepEdit(inputEl, lastMid);
+				Chats.prepEdit(inputEl, lastMid, ajaxify.data.roomId);
 			}
 		});
 	};

-	Chats.prepEdit = function(inputEl, messageId) {
-		socket.emit('modules.chats.getRaw', { mid: messageId }, function(err, raw) {
+	Chats.prepEdit = function(inputEl, messageId, roomId) {
+		socket.emit('modules.chats.getRaw', { mid: messageId, roomId: roomId }, function(err, raw) {
 			if (err) {
 				return app.alertError(err.message);
 			}
--- a/public/src/modules/chat.js
+++ b/public/src/modules/chat.js
@ -260,7 +260,7 @@ define('chat', ['components', 'taskbar', 'string', 'sounds', 'forum/chats', 'tra
 					.on('click', '[data-action="edit"]', function() {
 						var messageId = $(this).parents('[data-mid]').attr('data-mid');
 						var inputEl = chatModal.find('[component="chat/input"]');
-						Chats.prepEdit(inputEl, messageId);
+						Chats.prepEdit(inputEl, messageId, data.roomId);
 					})
 					.on('click', '[data-action="delete"]', function() {
 						var messageId = $(this).parents('[data-mid]').attr('data-mid');
--- a/src/socket.io/modules.js
+++ b/src/socket.io/modules.js
@ -31,11 +31,20 @@ SocketModules.chats.get = function(socket, data, callback) {
 };

 SocketModules.chats.getRaw = function(socket, data, callback) {
-	if(!data || !data.hasOwnProperty('mid')) {
+	if (!data || !data.hasOwnProperty('mid')) {
 		return callback(new Error('[[error:invalid-data]]'));
 	}
-
-	Messaging.getMessageField(data.mid, 'content', callback);
+	async.waterfall([
+		function (next) {
+			Messaging.isUserInRoom(socket.uid, data.roomId, next);
+		},
+		function (inRoom, next) {
+			if (!inRoom) {
+				return next(new Error('[[error:not-allowed]]'));
+			}
+			Messaging.getMessageField(data.mid, 'content', next);
+		}
+	], callback);
 };

 SocketModules.chats.newRoom = function(socket, data, callback) {