vassili/seitime-frappe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

fix: security issue in discussions component (#18903)

Browse source 
[skip ci]
This commit is contained in:
Jannat Patel 2022-11-17 11:39:43 +05:30 committed by GitHub
parent 1f6f31fc97
commit 6428930857
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
frappe/website/doctype/discussion_reply/discussion_reply.py
View file

@ -59,4 +59,6 @@ class DiscussionReply(Document):
@frappe.whitelist()
def delete_message(reply_name):
frappe.delete_doc("Discussion Reply", reply_name, ignore_permissions=True)
owner = frappe.db.get_value("Discussion Reply", reply_name, "owner")
if owner == frappe.session.user:
frappe.delete_doc("Discussion Reply", reply_name)