liz/PluralKit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Filter everyone/here pings if the proxy sender doesn't have permission

Browse Source
This commit is contained in:
Ske
2019-07-28 15:38:28 +02:00
parent 2217b87afe
commit 59dbc5368b
2 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
PluralKit.Bot/Services/ProxyService.cs
View File

@@ -88,6 +88,9 @@ namespace PluralKit.Bot
public async Task HandleMessageAsync(IMessage message) public async Task HandleMessageAsync(IMessage message)
{ {
// Bail early if this isn't in a guild channel
if (!(message.Channel is IGuildChannel)) return;
IEnumerable<ProxyDatabaseResult> results; IEnumerable<ProxyDatabaseResult> results;
using (var conn = await _conn.Obtain()) using (var conn = await _conn.Obtain())
{ {
@@ -108,11 +111,14 @@ namespace PluralKit.Bot
// Can't proxy a message with no content and no attachment // Can't proxy a message with no content and no attachment
if (match.InnerText.Trim().Length == 0 && message.Attachments.Count == 0) if (match.InnerText.Trim().Length == 0 && message.Attachments.Count == 0)
return; return;
// Sanitize @everyone, but only if the original user wouldn't have permission to
var messageContents = SanitizeEveryoneMaybe(message, match.InnerText);
// Fetch a webhook for this channel, and send the proxied message // Fetch a webhook for this channel, and send the proxied message
var webhook = await _webhookCache.GetWebhook(message.Channel as ITextChannel); var webhook = await _webhookCache.GetWebhook(message.Channel as ITextChannel);
var avatarUrl = match.Member.AvatarUrl ?? match.System.AvatarUrl; var avatarUrl = match.Member.AvatarUrl ?? match.System.AvatarUrl;
var hookMessageId = await ExecuteWebhook(webhook, match.InnerText, match.ProxyName, avatarUrl, message.Attachments.FirstOrDefault()); var hookMessageId = await ExecuteWebhook(webhook, messageContents, match.ProxyName, avatarUrl, message.Attachments.FirstOrDefault());
// Store the message in the database, and log it in the log channel (if applicable) // Store the message in the database, and log it in the log channel (if applicable)
await _messageStorage.Store(message.Author.Id, hookMessageId, message.Channel.Id, message.Id, match.Member); await _messageStorage.Store(message.Author.Id, hookMessageId, message.Channel.Id, message.Id, match.Member);
@@ -127,6 +133,13 @@ namespace PluralKit.Bot
} catch (HttpException) {} // If it's already deleted, we just swallow the exception } catch (HttpException) {} // If it's already deleted, we just swallow the exception
} }
private static string SanitizeEveryoneMaybe(IMessage message, string messageContents)
{
var senderPermissions = ((IGuildUser) message.Author).GetPermissions(message.Channel as IGuildChannel);
if (!senderPermissions.MentionEveryone) return messageContents.SanitizeEveryone();
return messageContents;
}
private async Task<bool> EnsureBotPermissions(ITextChannel channel) private async Task<bool> EnsureBotPermissions(ITextChannel channel)
{ {
var guildUser = await channel.Guild.GetCurrentUserAsync(); var guildUser = await channel.Guild.GetCurrentUserAsync();

3
PluralKit.Bot/Utils.cs
View File

@@ -82,6 +82,9 @@ namespace PluralKit.Bot
public static string Sanitize(this string input) => public static string Sanitize(this string input) =>
Regex.Replace(Regex.Replace(input, "<@[!&]?(\\d{17,19})>", "<\\@$1>"), "@(everyone|here)", "@\u200B$1"); Regex.Replace(Regex.Replace(input, "<@[!&]?(\\d{17,19})>", "<\\@$1>"), "@(everyone|here)", "@\u200B$1");
public static string SanitizeEveryone(this string input) =>
Regex.Replace(input, "@(everyone|here)", "@\u200B$1");
public static async Task<ChannelPermissions> PermissionsIn(this IChannel channel) public static async Task<ChannelPermissions> PermissionsIn(this IChannel channel)
{ {