From f08524ee197d46f9d26fc950b644bb955674f893 Mon Sep 17 00:00:00 2001 From: spiral Date: Fri, 14 Jan 2022 19:44:44 -0500 Subject: [PATCH] fix: don't leak the existence of private info in lists (#412) --- .../Commands/Lists/ContextListExt.cs | 2 +- .../Commands/Lists/MemberListOptions.cs | 21 +++++++++++-------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/PluralKit.Bot/Commands/Lists/ContextListExt.cs b/PluralKit.Bot/Commands/Lists/ContextListExt.cs index 24c10d53..b562b105 100644 --- a/PluralKit.Bot/Commands/Lists/ContextListExt.cs +++ b/PluralKit.Bot/Commands/Lists/ContextListExt.cs @@ -132,7 +132,7 @@ public static class ContextListExt } case SortProperty.DisplayName: { - if (m.DisplayName != null) + if (m.DisplayName != null && m.NamePrivacy.CanAccess(lookupCtx)) ret += $"({m.DisplayName})"; break; } diff --git a/PluralKit.Bot/Commands/Lists/MemberListOptions.cs b/PluralKit.Bot/Commands/Lists/MemberListOptions.cs index 8e9a67fc..96b4f87a 100644 --- a/PluralKit.Bot/Commands/Lists/MemberListOptions.cs +++ b/PluralKit.Bot/Commands/Lists/MemberListOptions.cs @@ -89,23 +89,26 @@ public static class MemberListOptionsExt // We want nulls last no matter what, even if orders are reversed SortProperty.Hid => input.OrderBy(m => m.Hid, ReverseMaybe(culture)), SortProperty.Name => input.OrderBy(m => m.NameFor(ctx), ReverseMaybe(culture)), - SortProperty.CreationDate => input.OrderBy(m => m.Created, ReverseMaybe(Comparer.Default)), - SortProperty.MessageCount => input.OrderByDescending(m => m.MessageCount, - ReverseMaybe(Comparer.Default)), + SortProperty.CreationDate => input + .OrderByDescending(m => m.MetadataPrivacy.CanAccess(ctx)) + .ThenBy(m => m.MetadataPrivacy.Get(ctx, m.Created, default), ReverseMaybe(Comparer.Default)), + SortProperty.MessageCount => input + .OrderByDescending(m => m.MessageCount != 0 && m.MetadataPrivacy.CanAccess(ctx)) + .ThenByDescending(m => m.MetadataPrivacy.Get(ctx, m.MessageCount, 0), ReverseMaybe(Comparer.Default)), SortProperty.DisplayName => input - .OrderByDescending(m => m.DisplayName != null) - .ThenBy(m => m.DisplayName, ReverseMaybe(culture)), + .OrderByDescending(m => m.DisplayName != null && m.NamePrivacy.CanAccess(ctx)) + .ThenBy(m => m.NamePrivacy.Get(ctx, m.DisplayName), ReverseMaybe(culture)), SortProperty.Birthdate => input - .OrderByDescending(m => m.AnnualBirthday.HasValue) - .ThenBy(m => m.AnnualBirthday, ReverseMaybe(Comparer.Default)), + .OrderByDescending(m => m.AnnualBirthday.HasValue && m.BirthdayPrivacy.CanAccess(ctx)) + .ThenBy(m => m.BirthdayPrivacy.Get(ctx, m.AnnualBirthday), ReverseMaybe(Comparer.Default)), SortProperty.LastMessage => throw new PKError( "Sorting by last message is temporarily disabled due to database issues, sorry."), // SortProperty.LastMessage => input // .OrderByDescending(m => m.LastMessage.HasValue) // .ThenByDescending(m => m.LastMessage, ReverseMaybe(Comparer.Default)), SortProperty.LastSwitch => input - .OrderByDescending(m => m.LastSwitchTime.HasValue) - .ThenByDescending(m => m.LastSwitchTime, ReverseMaybe(Comparer.Default)), + .OrderByDescending(m => m.LastSwitchTime.HasValue && m.MetadataPrivacy.CanAccess(ctx)) + .ThenByDescending(m => m.MetadataPrivacy.Get(ctx, m.LastSwitchTime), ReverseMaybe(Comparer.Default)), SortProperty.Random => input .OrderBy(m => randGen.Next()), _ => throw new ArgumentOutOfRangeException($"Unknown sort property {opts.SortProperty}")