From d55af1b5018ac0249254713ec1fa81590ef0bdd0 Mon Sep 17 00:00:00 2001
From: Michael De Roover <condor@commander.lan>
Date: Fri, 9 Apr 2021 20:57:58 +0200
Subject: [PATCH] Check against sender ID

This addresses a security vulnerability in the userbot.
---
 install | 2 ++
 ubot.py | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/install b/install
index e1e6a53..cd29e58 100755
--- a/install
+++ b/install
@@ -5,6 +5,7 @@ mkconfig(){
 	echo "Please get your credentials from https://my.telegram.org."
 	read -p "App API ID (api_id): " api_id
 	read -p "App API hash (api_hash): " api_hash
+	read -p "Your user ID: " myid
 	read -p "Do you wish to use a log chat? (y/n): " logrpl
 	if [ "$logrpl" = "y" ]
 	then
@@ -14,6 +15,7 @@ mkconfig(){
 	fi
 	echo "api_id = $api_id" >> config.py
 	echo "api_hash = '$api_hash'" >> config.py
+	echo "myid = $myid" >> config.py
 	echo "logchat = $logchat" >> config.py
 }
 
diff --git a/ubot.py b/ubot.py
index 5c9e423..5c5f4a7 100755
--- a/ubot.py
+++ b/ubot.py
@@ -8,6 +8,9 @@ client = TelegramClient('ubot', api_id, api_hash)
 async def edit(event):
 	msg = event.raw_text
 
+	if event.sender_id != myid:
+		return
+
 	if msg.startswith('.alive'):
 		rpl = "Userbot alive and well!"
 		await event.edit(rpl)