From 0776d339090826ff52abb79498d9fd8788460865 Mon Sep 17 00:00:00 2001
From: Joe van der Zwet
Date: Fri, 16 Oct 2020 00:36:32 +1300
Subject: [PATCH 1/2] fix: prevent discord mention exploit

---
 app/imports/server/discord/sendWebhook.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/imports/server/discord/sendWebhook.js b/app/imports/server/discord/sendWebhook.js
index b88cae76..95eea823 100644
--- a/app/imports/server/discord/sendWebhook.js
+++ b/app/imports/server/discord/sendWebhook.js
@@ -4,6 +4,10 @@ export default function sendWebhook({webhookURL, message, options}){
 let urlArray = webhookURL.split('/');
 let token = urlArray.pop();
 let id = urlArray.pop();
+
+ // prevent discord mention exploit
+ options.allowedMentions = { parse: [] };
+
 const hook = new Discord.WebhookClient(id, token);
 // Send a message using the webhook
 hook.send(message, options)

From 09371e7d549f20569026447de3c0026032f7a12c Mon Sep 17 00:00:00 2001
From: Joe van der Zwet
Date: Fri, 16 Oct 2020 00:47:32 +1300
Subject: [PATCH 2/2] add requested changes

---
 app/imports/server/discord/sendWebhook.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/imports/server/discord/sendWebhook.js b/app/imports/server/discord/sendWebhook.js
index 95eea823..3ca1f4f6 100644
--- a/app/imports/server/discord/sendWebhook.js
+++ b/app/imports/server/discord/sendWebhook.js
@@ -6,7 +6,7 @@ export default function sendWebhook({webhookURL, message, options}){
 let id = urlArray.pop();

 // prevent discord mention exploit
- options.allowedMentions = { parse: [] };
+ options.disableMentions = 'all';

 const hook = new Discord.WebhookClient(id, token);
 // Send a message using the webhook
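Review bot: The added line `options.allowedMentions = { parse: [] };` writes onto the caller's `options` object and throws a TypeError if a caller omits `options`, which the unchanged `hook.send(message, options)` call would presumably have accepted. Building a fresh object avoids both problems and keeps the restriction last so a caller-supplied value cannot override it: `const sendOptions = { ...options, allowedMentions: { parse: [] } };` then `hook.send(message, sendOptions)`. The same applies to the replacement line `options.disableMentions = 'all';` in patch 2/2. The body of sendWebhook continues past the end of this hunk.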
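Review bot: Replacing `allowedMentions` with `disableMentions` trades a restriction enforced by Discord's API for one that discord.js, as far as I can tell for the v12-style `WebhookClient(id, token)` used here, applies by rewriting the message text before it is sent. Protection then depends on the library's sanitizer recognising every mention form in `message`. If the installed discord.js version accepts both fields, setting both gives defence in depth: keep `options.disableMentions = 'all';` and add `options.allowedMentions = { parse: [] };` beside it. The comment would also be more useful if it named the risk, for example `// webhook text may contain user input; never let it ping @everyone, roles or users`. Only part of sendWebhook is visible in this hunk.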