fix: vulnerability of another user being able to send message through…

… the bot
newerton · Feb 2, 2022 · 3b857d8 · 3b857d8
1 parent 102e0fc
commit 3b857d8
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/config/version.yaml b/config/version.yaml
@@ -1,5 +1,5 @@
   version:
-    app: "1.5.19"
-    config_file: "1.5.19"
+    app: "1.5.20"
+    config_file: "1.5.20"
     emergency: "false"
 
diff --git a/src/services/telegram.py b/src/services/telegram.py
@@ -85,25 +85,32 @@ def start(self):
         self.bot.set_my_commands(Commands, language_code='en')
 
         def sendPrint(update: Update, context: CallbackContext) -> None:
-            self.commandSendPrint(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandSendPrint(update)
 
         def sendChatId(update: Update, context: CallbackContext) -> None:
-            self.commandSendChatId(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandSendChatId(update)
 
         def sendMap(update: Update, context: CallbackContext) -> None:
-            self.commandSendMap(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandSendMap(update)
 
         def sendBcoin(update: Update, context: CallbackContext) -> None:
-            self.commandSendBcoin(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandSendBcoin(update)
 
         def sendDonation(update: Update, context: CallbackContext) -> None:
-            self.commandSendDonation(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandSendDonation(update)
 
         def sendAllHeroesToWork(update: Update, context: CallbackContext) -> None:
-            self.commandAllHeroesToWork(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandAllHeroesToWork(update)
 
         def sendAllHeroesToRest(update: Update, context: CallbackContext) -> None:
-            self.commandAllHeroesToRest(update)
+            if f'{update.message.from_user.id}' in self.telegramConfig['chat_ids']:
+                self.commandAllHeroesToRest(update)
 
         commands = [
             ['chat_id', sendChatId],