Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix(MassDM): only allow use of safe model attributes
  • Loading branch information
tmercswims committed Aug 11, 2021
1 parent 32eccab commit 92325be
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 1 deletion.
12 changes: 11 additions & 1 deletion massdm/massdm.py
Expand Up @@ -3,6 +3,8 @@

from redbot.core import checks, commands

from .safemodels import SafeGuild, SafeMember, SafeRole

__author__ = "tmerc"

log = logging.getLogger("red.tmerc.massdm")
Expand Down Expand Up @@ -36,7 +38,15 @@ async def massdm(self, ctx: commands.Context, role: discord.Role, *, message: st

for member in [m for m in role.members if not m.bot]:
try:
await member.send(message.format(member=member, role=role, server=ctx.guild, sender=ctx.author))
await member.send(
message.format(
member=SafeMember(member),
role=SafeRole(role),
server=SafeGuild(ctx.guild),
guild=SafeGuild(ctx.guild),
sender=SafeMember(ctx.author),
)
)
except discord.Forbidden:
log.warning(f"Failed to DM user {member} (ID {member.id}): insufficient permissions")
continue
Expand Down
52 changes: 52 additions & 0 deletions massdm/safemodels.py
@@ -0,0 +1,52 @@
import discord


class SafeMember:
def __init__(self, member: discord.Member) -> None:
self.name = str(member.name)
self.display_name = str(member.display_name)
self.nick = str(member.nick)
self.id = str(member.id)
self.mention = str(member.mention)
self.discriminator = str(member.discriminator)
self.color = str(member.color)
self.colour = str(member.colour)
self.created_at = str(member.created_at)
self.joined_at = str(member.joined_at)

def __str__(self):
return self.name

def __getattr__(self, name):
return self


class SafeRole:
def __init__(self, role: discord.Role) -> None:
self.name = str(role.name)
self.id = str(role.id)
self.mention = str(role.mention)
self.color = str(role.color)
self.colour = str(role.colour)
self.position = str(role.position)
self.created_at = str(role.created_at)

def __str__(self):
return self.name

def __getattr__(self, name):
return self


class SafeGuild:
def __init__(self, guild: discord.Guild) -> None:
self.name = str(guild.name)
self.id = str(guild.id)
self.description = str(guild.description)
self.created_at = str(guild.created_at)

def __str__(self):
return self.name

def __getattr__(self, name):
return self

0 comments on commit 92325be

Please sign in to comment.