From 37c21dc8219e6d7a62c26e6574369276609fe2e0 Mon Sep 17 00:00:00 2001 From: syuilo Date: Wed, 1 Mar 2017 14:43:41 +0900 Subject: [PATCH] [API] Fix bug Closes #215 --- src/api/endpoints/messaging/messages/create.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/api/endpoints/messaging/messages/create.js b/src/api/endpoints/messaging/messages/create.js index 498883057..47bc1a996 100644 --- a/src/api/endpoints/messaging/messages/create.js +++ b/src/api/endpoints/messaging/messages/create.js @@ -31,6 +31,16 @@ module.exports = (params, user) => // Get 'user_id' parameter let recipient = params.user_id; if (recipient !== undefined && recipient !== null) { + // Validate id + if (!mongo.ObjectID.isValid(recipient)) { + return rej('incorrect user_id'); + } + + // Myself + if (new mongo.ObjectID(recipient).equals(user._id)) { + return rej('-need-translate-'); + } + recipient = await User.findOne({ _id: new mongo.ObjectID(recipient) }, {