From 8e68f60e3d2d55a1c2acba36c3ede80a6985d659 Mon Sep 17 00:00:00 2001
From: Aevann1 <randomname42029@gmail.com>
Date: Sun, 23 Oct 2022 23:36:38 +0200
Subject: [PATCH] fix roundabout way of jannies getting pin awards undone (not
 exploited so far AFAIK)

---
 files/routes/admin.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/files/routes/admin.py b/files/routes/admin.py
index f536931a7..dd77702b1 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1207,14 +1207,17 @@ def distinguish_post(post_id, v):
 @admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 @feature_required('PINS')
 def sticky_post(post_id, v):
-	
+
+	post = get_post(post_id)
+
+	if post.stickied.endswith('(pin award)'):
+		abort(403, "Can't pin award pins!")
+
 	pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False).count()
 
 	if pins >= PIN_LIMIT and v.admin_level < PERMS['BYPASS_PIN_LIMIT']:
 		abort(403, f"Can't exceed {PIN_LIMIT} pinned posts limit!")
 
-	post = get_post(post_id)
-
 	if not post.stickied_utc:
 		post.stickied_utc = int(time.time()) + 3600
 		pin_time = 'for 1 hour'