From 0b851d237c89ce6a90f1bf98c6fe622b4c42416a Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Sun, 23 Oct 2022 23:52:04 +0200
Subject: [PATCH] remove exploit allowing jannies to unpin award pins

---
 files/routes/admin.py | 2 --
 files/routes/users.py | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/files/routes/admin.py b/files/routes/admin.py
index dd77702b1..c49fb6912 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1121,8 +1121,6 @@ def remove_post(post_id, v):
 	post = get_post(post_id)
 	post.is_banned = True
 	post.is_approved = None
-	post.stickied = None
-	post.is_pinned = False
 	post.ban_reason = v.username
 	g.db.add(post)
 
diff --git a/files/routes/users.py b/files/routes/users.py
index ae7b53a84..2e85c51e2 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -804,7 +804,7 @@ def u_username(username, v=None):
 
 	if page == 1:
 		sticky = []
-		sticky = g.db.query(Submission).filter_by(is_pinned=True, author_id=u.id).all()
+		sticky = g.db.query(Submission).filter_by(is_pinned=True, author_id=u.id, is_banned=False).all()
 		if sticky:
 			for p in sticky:
 				ids = [p.id] + ids