stranthen security

nkonev · Jan 16, 2025 · 4c670b0 · 4c670b0
1 parent c856904
commit 4c670b0
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/chat/handlers/chat.go b/chat/handlers/chat.go
@@ -1561,7 +1561,7 @@ func (ch *ChatHandler) CheckAccess(c echo.Context) error {
 			// ... here we check that the message which we found by potentially crafted overrideMessageId / overrideChatId with malicious intent
 			// really contains this fileItemUuid
 			encodedFileItemUuid := utils.UrlEncode(fileItemUuid)
-			if strings.Contains(overrideMessage.Text, encodedFileItemUuid) {
+			if len(fileItemUuid) != 0 && strings.Contains(overrideMessage.Text, encodedFileItemUuid) {
 				return c.NoContent(http.StatusOK)
 			}
 		}