From af60fc3ed7612e265cfb82d209e2baaac728c32d Mon Sep 17 00:00:00 2001 From: Aevann Date: Fri, 30 Dec 2022 20:19:34 +0200 Subject: [PATCH] fix exploit --- files/routes/comments.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/files/routes/comments.py b/files/routes/comments.py index d010a467c..40bc130ec 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -42,11 +42,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): g.db.add(notif) g.db.commit() - if not pid: - if comment.parent_submission: pid = comment.parent_submission - else: pid = NOTIFICATION_THREAD - - post = get_post(pid, v=v) + post = comment.post if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()): if v and v.client: abort(403, "This content is not suitable for some users and situations.")