From 70292dac00c800ff4556a56d9c2339342a75c248 Mon Sep 17 00:00:00 2001
From: shortcutme
Date: Sun, 30 Sep 2018 21:56:36 +0200
Subject: [PATCH] Don't allow to take the ownership of the updater site with the API
---
 plugins/Sidebar/SidebarPlugin.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/plugins/Sidebar/SidebarPlugin.py b/plugins/Sidebar/SidebarPlugin.py
index f3d97f3d..cc179fbb 100644
--- a/plugins/Sidebar/SidebarPlugin.py
+++ b/plugins/Sidebar/SidebarPlugin.py
@@ -712,6 +712,9 @@ class UiWebsocketPlugin(object):
 if "ADMIN" not in permissions:
 return self.response(to, "You don't have permission to run this command")
+ if self.site.address == config.updatesite:
+ return self.response(to, "You can't change the ownership of the updater site")
+
 self.site.settings["own"] = bool(owned)
 self.site.updateWebsocket(owned=owned)
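Review bot: The new guard after the ADMIN check refuses every call for the updater site, including `owned=False`, so a node where `settings["own"]` was already set to true before this fix cannot clear it through this command. Restricting the refusal to the dangerous direction keeps the protection and leaves a remediation path: `if owned and self.site.address == config.updatesite:`. A short comment above the check saying why the updater site is special (presumably because its content drives client updates) would help the next reader, and the refusal is worth a log line since it is a security-relevant event. The guard covers only this handler; whether other commands can write `settings["own"]` is not visible here, and the enclosing method starts above the hunk.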