From 05a0d192c387220fc43f600ceb67918240d937e9 Mon Sep 17 00:00:00 2001 From: regalijan Date: Thu, 19 Oct 2023 16:50:37 -0400 Subject: [PATCH] Access check needs to be inverse --- functions/api/data-transfers/create.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/functions/api/data-transfers/create.ts b/functions/api/data-transfers/create.ts index 48c87bd..1b9adc3 100644 --- a/functions/api/data-transfers/create.ts +++ b/functions/api/data-transfers/create.ts @@ -3,8 +3,8 @@ export async function onRequestPost(context: RequestContext) { if ( typeof has_access !== "boolean" || - (has_access && typeof cookie !== "string") || - (has_access && + (!has_access && typeof cookie !== "string") || + (!has_access && !cookie.match( /_\|WARNING:-DO-NOT-SHARE-THIS\.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items\.\|_[A-F\d]+/, ))