diff options
| author | ryexandra <68085235+ryexandra@users.noreply.github.com> | 2020-07-14 07:17:25 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-14 09:17:25 -0400 |
| commit | 29037b49952dd95a08639b27b08c8a8e68a13026 (patch) | |
| tree | eed2656e786b389aa599667df496632421ad91bd /server/lemmy_db/src/lib.rs | |
| parent | 52983907c4d1b7fda1182316cb631f9b5e913f5b (diff) | |
Security/fix permission bugs (#966)
* secure the `EditPost` API endpoint
* Check user is moderator in BanFromCommunity
* secure the `EditComment` API endpoint
* pass orig `read` prob when not explicitly updating it.
* Block random users from adding mods.
* use cleaner logic from `EditPost`
* prevent editing a community by a mod from transfering ownership to them
* secure `read` action in `EditPrivateMessage`
* Add check in UserMention
* only let the indended recipient mark as read
* simplify booleans to satisfy clippy
* requested changes + cargo +nightly fmt
* fix to pass federation tests for deleting comments and posts
Co-authored-by: chiminh <chiminh.tutanota.com>
Co-authored-by: Hex Bear <buildadangtrain@protonmail.com>
Diffstat (limited to 'server/lemmy_db/src/lib.rs')
| -rw-r--r-- | server/lemmy_db/src/lib.rs | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/server/lemmy_db/src/lib.rs b/server/lemmy_db/src/lib.rs index 5cf20bb3..2eead841 100644 --- a/server/lemmy_db/src/lib.rs +++ b/server/lemmy_db/src/lib.rs @@ -181,7 +181,10 @@ mod tests { pub fn establish_unpooled_connection() -> PgConnection { let db_url = match get_database_url_from_env() { Ok(url) => url, - Err(e) => panic!("Failed to read database URL from env var LEMMY_DATABASE_URL: {}", e), + Err(e) => panic!( + "Failed to read database URL from env var LEMMY_DATABASE_URL: {}", + e + ), }; PgConnection::establish(&db_url).unwrap_or_else(|_| panic!("Error connecting to {}", db_url)) } |