summaryrefslogtreecommitdiff
path: root/src/api
diff options
context:
space:
mode:
Diffstat (limited to 'src/api')
-rw-r--r--src/api/endpoints/messaging/messages/create.js10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/api/endpoints/messaging/messages/create.js b/src/api/endpoints/messaging/messages/create.js
index 498883057b..47bc1a9968 100644
--- a/src/api/endpoints/messaging/messages/create.js
+++ b/src/api/endpoints/messaging/messages/create.js
@@ -31,6 +31,16 @@ module.exports = (params, user) =>
// Get 'user_id' parameter
let recipient = params.user_id;
if (recipient !== undefined && recipient !== null) {
+ // Validate id
+ if (!mongo.ObjectID.isValid(recipient)) {
+ return rej('incorrect user_id');
+ }
+
+ // Myself
+ if (new mongo.ObjectID(recipient).equals(user._id)) {
+ return rej('-need-translate-');
+ }
+
recipient = await User.findOne({
_id: new mongo.ObjectID(recipient)
}, {
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-03-04 16:06:54 +0000