fix roundabout way of jannies getting pin awards undone (not exploited so far AFAIK)

master
Aevann1 2022-10-23 23:36:38 +02:00
parent 8f6950a49b
commit 8e68f60e3d
1 changed files with 6 additions and 3 deletions

View File

@ -1208,13 +1208,16 @@ def distinguish_post(post_id, v):
@feature_required('PINS') @feature_required('PINS')
def sticky_post(post_id, v): def sticky_post(post_id, v):
post = get_post(post_id)
if post.stickied.endswith('(pin award)'):
abort(403, "Can't pin award pins!")
pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False).count() pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False).count()
if pins >= PIN_LIMIT and v.admin_level < PERMS['BYPASS_PIN_LIMIT']: if pins >= PIN_LIMIT and v.admin_level < PERMS['BYPASS_PIN_LIMIT']:
abort(403, f"Can't exceed {PIN_LIMIT} pinned posts limit!") abort(403, f"Can't exceed {PIN_LIMIT} pinned posts limit!")
post = get_post(post_id)
if not post.stickied_utc: if not post.stickied_utc:
post.stickied_utc = int(time.time()) + 3600 post.stickied_utc = int(time.time()) + 3600
pin_time = 'for 1 hour' pin_time = 'for 1 hour'