fix security bug

files/lib/data/discord/bot/DiscordBot.class.php

@@ -6,6 +6,7 @@
 use wcf\data\file\File;
 use wcf\system\cache\builder\DiscordGuildChannelCacheBuilder;
 use wcf\system\discord\DiscordApi;
+use wcf\system\WCF;
 
 /**
  * Discord-Bot-Objekt
@@ -95,4 +96,17 @@ public function getWebhookAvatarData(): ?string
 
         return 'data:' . $file->mimeType . ';base64,' . \base64_encode(\file_get_contents($file->getPathname()));
     }
+
+    public static function findByFileID(int $fileID): ?DiscordBot
+    {
+        $sql = "
+            SELECT  *
+            FROM    wcf1_discord_bot
+            WHERE   botID = ?
+        ";
+        $stmnt = WCF::getDB()->prepare($sql);
+        $stmnt->execute([$fileID]);
+
+        return $stmnt->fetchObject(DiscordBot::class);
+    }
 }

files/lib/system/file/DiscordWebhookAvatarFileProcessor.class.php

@@ -45,6 +45,12 @@ public function validateUpload(File $file): void
         }
     }
 
+    #[Override]
+    public function canAdopt(File $file, array $context): bool
+    {
+        return DiscordBot::findByFileID($file->fileID) === null;
+    }
+
     #[Override]
     public function adopt(File $file, array $context): void
     {