Fix everyone and here mention exploits #70

Closed
Naamloos opened this issue Feb 22, 2018 · 5 comments

@Naamloos
Owner

Naamloos commented Feb 22, 2018

Not shitty human beings exploiting the bot to mention here and everyone. Needs fixes.

Known occurrences:

  • tag names
@Emzi0767
Collaborator

  • Timer data (e.g. reminder messages)

@uwx
Collaborator

uwx commented Feb 22, 2018

Make an overload for ctx.RespondAsync that escapes mentions when the user isn't trusted

@uwx
Collaborator

uwx commented Feb 23, 2018

No, not yet.

@uwx uwx reopened this Feb 23, 2018
@uwx
Collaborator

uwx commented Feb 23, 2018

I will make a method ElevatedRespondAsync that does not sanitize input, and a method SafeRespondAsync that does (Same thing with SendMessage). Much like in Rust, er, the game Rust, usage should be explicitly declared. The regular methods should not be used in future.
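
An added example, not code from this repository or from commit 6ba1c37: one way to implement the sanitized/unsanitized split described in the comment above, assuming mass mentions are neutralized by inserting a zero-width space after the `@` (the thread does not say how the actual fix sanitizes). `MentionSanitizer`, `SafeRespond` and `ElevatedRespond` are hypothetical stand-ins that return the text that would be sent instead of calling the bot library; the sample inputs are constructed.

```csharp
using System;
using System.Text.RegularExpressions;

public static class MentionSanitizer
{
    // Matches "@everyone" and "@here". Case-insensitive matching is a
    // conservative superset: it may defuse text that would not have pinged.
    private static readonly Regex MassMention = new Regex(
        "@(everyone|here)",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    private const string ZeroWidthSpace = "\u200B";

    // Returns content with every mass mention broken up so it renders as
    // plain text. Idempotent: "@<ZWSP>everyone" no longer matches the pattern.
    public static string Sanitize(string content)
    {
        if (string.IsNullOrEmpty(content)) return content;
        return MassMention.Replace(
            content, m => "@" + ZeroWidthSpace + m.Groups[1].Value);
    }

    // Hypothetical stand-in for a SafeRespondAsync-style method:
    // anything containing user-controlled text goes through here.
    public static string SafeRespond(string userSupplied) => Sanitize(userSupplied);

    // Hypothetical stand-in for an ElevatedRespondAsync-style method:
    // only for text the bot owner fully controls. No sanitizing.
    public static string ElevatedRespond(string trusted) => trusted;
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs covering the two sources named in the issue.
        string tagName = "@everyone free stuff";            // tag name
        string reminder = "wake up @here and also @HERE";   // timer data

        foreach (var input in new[] { tagName, reminder })
        {
            string safe = MentionSanitizer.SafeRespond(input);
            // Show the inserted character explicitly so the change is visible.
            Console.WriteLine(safe.Replace("\u200B", "<ZWSP>"));
        }
        Console.WriteLine(MentionSanitizer.ElevatedRespond("Maintenance @here"));
    }
}
```

The sanitizer has to run on the final outgoing string, after tag names or reminder text have been interpolated into it, so that stored data cannot reintroduce a mention.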

@uwx
Collaborator

uwx commented Feb 23, 2018

Fixed by 6ba1c37

@uwx uwx closed this as completed Feb 23, 2018