Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tag fallback bypasses the bot's DM restrictions #650

Open
SebastiaanZ opened this issue Nov 4, 2019 · 0 comments

Comments

@SebastiaanZ
Copy link
Member

@SebastiaanZ SebastiaanZ commented Nov 4, 2019

When a user issues a command that does not exist, we fall back to trying to match it as a tag name. This means that a message containing !f-strings, which is not a command in itself, will result in the bot sending the contents of the f-strings tag. This is a great feature, but it currently does not respect the DM-restriction we've put in place: Members should only be able to issue commands in public channels, not a DM conversation with the bot.

The current code responsible for the tag fallback only checks if the user is not issuing the pseudo-command in checkpoint. The global checks that prevent commands from being issued in DMs are defined in the security cog.

Bot response after command in DM

command_in_dm

Bot response after tag in DM

tag_in_dm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.