fix security bug

Hanashi · Hanashi · commit 9b2cb9f972eb · 2024-10-07T12:04:57.000+02:00
diff --git a/files/lib/data/discord/bot/DiscordBot.class.php b/files/lib/data/discord/bot/DiscordBot.class.php
@@ -6,6 +6,7 @@
 use wcf\data\file\File;
 use wcf\system\cache\builder\DiscordGuildChannelCacheBuilder;
 use wcf\system\discord\DiscordApi;
+use wcf\system\WCF;
 
 /**
  * Discord-Bot-Objekt
@@ -95,4 +96,17 @@ public function getWebhookAvatarData(): ?string
 
         return 'data:' . $file->mimeType . ';base64,' . \base64_encode(\file_get_contents($file->getPathname()));
     }
+
+    public static function findByFileID(int $fileID): ?DiscordBot
+    {
+        $sql = "
+            SELECT  *
+            FROM    wcf1_discord_bot
+            WHERE   botID = ?
+        ";
+        $stmnt = WCF::getDB()->prepare($sql);
+        $stmnt->execute([$fileID]);
+
+        return $stmnt->fetchObject(DiscordBot::class);
+    }
 }
diff --git a/files/lib/system/file/DiscordWebhookAvatarFileProcessor.class.php b/files/lib/system/file/DiscordWebhookAvatarFileProcessor.class.php
@@ -45,6 +45,12 @@ public function validateUpload(File $file): void
         }
     }
 
+    #[Override]
+    public function canAdopt(File $file, array $context): bool
+    {
+        return DiscordBot::findByFileID($file->fileID) === null;
+    }
+
     #[Override]
     public function adopt(File $file, array $context): void
     {

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,12 @@ public function validateUpload(File $file): void`
`45`	`45`	`}`
`46`	`46`	`}`
`47`	`47`
	`48`	`+ #[Override]`
	`49`	`+ public function canAdopt(File $file, array $context): bool`
	`50`	`+ {`
	`51`	`+ return DiscordBot::findByFileID($file->fileID) === null;`
	`52`	`+ }`
	`53`	`+`
`48`	`54`	`#[Override]`
`49`	`55`	`public function adopt(File $file, array $context): void`
`50`	`56`	`{`