Sanitize @everyone and @here in proxied messages

2018-10-23 01:14:33 +02:00 · 2018-10-23 01:14:33 +02:00 · 7636a48d14
commit 7636a48d14
parent 7174979fd1
2 changed files with 8 additions and 2 deletions
--- a/src/pluralkit/bot/proxy.py
+++ b/src/pluralkit/bot/proxy.py
@ -163,7 +163,6 @@ class Proxy:
        if member.avatar_url:
            form_data.add_field("avatar_url", member.avatar_url)

-        time_before = time.perf_counter()
        async with self.session.post(
                "https://discordapp.com/api/v6/webhooks/{}/{}?wait=true".format(hook_id, hook_token),
                data=form_data) as resp:
@ -238,6 +237,9 @@ class Proxy:
            self.logger.debug("Skipping message because of no text and no attachment")
            return False

+        # Remember to sanitize the text (remove @everyones and such)
+        text = utils.sanitize(text)
+
        try:
            async with conn.transaction():
                await self.do_proxy_message(conn, member, message, text=text, attachment_url=attachment_url)
--- a/src/pluralkit/bot/utils.py
+++ b/src/pluralkit/bot/utils.py
@ -74,4 +74,8 @@ async def get_member_fuzzy(conn, system_id: int, key: str, system_only=True) ->
    if system_id:
        member = await db.get_member_by_name(conn, system_id=system_id, member_name=key)
        if member is not None:
-            return member
+            return member
+
+def sanitize(text):
+    # Insert a zero-width space in @everyone so it doesn't trigger
+    return text.replace("@everyone", "@\u200beveryone").replace("@here", "@\u200bhere")