From 42d9da161b56d38a04fb4f25c7d063bdea880ff0 Mon Sep 17 00:00:00 2001
From: dakkar <dakkar@thenautilus.net>
Date: Tue, 14 May 2024 16:58:06 +0100
Subject: first basic protection - #524

---
 packages/backend/src/core/NoteCreateService.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'packages/backend/src/core/NoteCreateService.ts')

diff --git a/packages/backend/src/core/NoteCreateService.ts b/packages/backend/src/core/NoteCreateService.ts
index 631d7074bd..d51315f71f 100644
--- a/packages/backend/src/core/NoteCreateService.ts
+++ b/packages/backend/src/core/NoteCreateService.ts
@@ -627,6 +627,14 @@ export class NoteCreateService implements OnApplicationShutdown {
 			userHost: user.host,
 		});
 
+		// should really not happen, but better safe than sorry
+		if (data.reply?.id === insert.id) {
+			throw new Error("A note can't reply to itself");
+		}
+		if (data.renote?.id === insert.id) {
+			throw new Error("A note can't renote itself");
+		}
+
 		if (data.uri != null) insert.uri = data.uri;
 		if (data.url != null) insert.url = data.url;
 
-- 
cgit v1.2.3-freya