diff options
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 055af3b64..50327b6ae 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -1,6 +1,7 @@ | |||
1 | import express from 'express' | 1 | import express from 'express' |
2 | import { body, param, query } from 'express-validator' | 2 | import { body, param, query } from 'express-validator' |
3 | import { Hooks } from '@server/lib/plugins/hooks' | 3 | import { Hooks } from '@server/lib/plugins/hooks' |
4 | import { forceNumber } from '@shared/core-utils' | ||
4 | import { HttpStatusCode, UserRegister, UserRight, UserRole } from '@shared/models' | 5 | import { HttpStatusCode, UserRegister, UserRight, UserRole } from '@shared/models' |
5 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' | 6 | import { exists, isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc' |
6 | import { isThemeNameValid } from '../../helpers/custom-validators/plugins' | 7 | import { isThemeNameValid } from '../../helpers/custom-validators/plugins' |
@@ -515,7 +516,7 @@ const usersCheckCurrentPasswordFactory = (targetUserIdGetter: (req: express.Requ | |||
515 | 516 | ||
516 | const user = res.locals.oauth.token.User | 517 | const user = res.locals.oauth.token.User |
517 | const isAdminOrModerator = user.role === UserRole.ADMINISTRATOR || user.role === UserRole.MODERATOR | 518 | const isAdminOrModerator = user.role === UserRole.ADMINISTRATOR || user.role === UserRole.MODERATOR |
518 | const targetUserId = parseInt(targetUserIdGetter(req) + '') | 519 | const targetUserId = forceNumber(targetUserIdGetter(req)) |
519 | 520 | ||
520 | // Admin/moderator action on another user, skip the password check | 521 | // Admin/moderator action on another user, skip the password check |
521 | if (isAdminOrModerator && targetUserId !== user.id) { | 522 | if (isAdminOrModerator && targetUserId !== user.id) { |