
Commit 39e0fa8

committed
Security: Messages: Ensure accepted friends have invitations sent
See advisory GHSA-m5xj-5xf3-rqch
1 parent 790ef51 commit 39e0fa8

2 files changed

+28
-7
lines changed


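--- a/main/inc/ajax/social.ajax.php
+++ b/main/inc/ajax/social.ajax.php
@@ -28,13 +28,16 @@
 }
 
 if (isset($_GET['friend_id'])) {
-$my_current_friend = $_GET['friend_id'];
-UserManager::relate_users($current_user_id, $my_current_friend, $relation_type);
-UserManager::relate_users($my_current_friend, $current_user_id, $relation_type);
-SocialManager::invitation_accepted($my_current_friend, $current_user_id);
-Display::addFlash(
-Display::return_message(get_lang('AddedContactToList'), 'success')
-);
+$my_current_friend = (int) $_GET['friend_id'];
+
+if (SocialManager::hasInvitationByUser($current_user_id, $my_current_friend)) {
+UserManager::relate_users($current_user_id, $my_current_friend, $relation_type);
+UserManager::relate_users($my_current_friend, $current_user_id, $relation_type);
+SocialManager::invitation_accepted($my_current_friend, $current_user_id);
+Display::addFlash(
+Display::return_message(get_lang('AddedContactToList'), 'success')
+);
+}
 }
 }
 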
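Review bot: When `hasInvitationByUser` returns false the request now completes silently, with no flash message and no error status, so a forged or stale accept attempt is indistinguishable from success to the caller and leaves nothing for an operator to notice. I would add an `else` branch to the new `if` that emits an error flash using whatever language key the project already has for a denied action, or returns a 403 on this AJAX path, so rejected attempts are visible and auditable. Note also that this is a state-changing action driven purely by `$_GET['friend_id']`; the new check constrains which friend can be added, but if the top of the file (outside this hunk) does not verify a CSRF token or equivalent it does not constrain who can trigger the accept, so that is worth confirming. The enclosing `if` and surrounding control flow begin before the hunk, and `$current_user_id` and `$relation_type` are set outside it.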
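--- a/main/inc/lib/social.lib.php
+++ b/main/inc/lib/social.lib.php
@@ -497,6 +497,24 @@ public static function get_list_invitation_sent_by_user_id($userId)
 return $list;
 }
 
+public static function hasInvitationByUser(int $receiverId, int $senderId): bool
+{
+$result = Database::select(
+'count(1) as count',
+Database::get_main_table(TABLE_MESSAGE),
+[
+'where' => [
+'user_sender_id = ?' => $senderId,
+'AND user_receiver_id = ?' => $receiverId,
+'AND msg_status = ?' => MESSAGE_STATUS_INVITATION_PENDING,
+],
+],
+'first'
+);
+
+return $result['count'] > 0;
+}
+
 /**
 * Get count invitation sent by user.
 *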
