diff --git a/src/server/api/endpoints/drive/folders/update.ts b/src/server/api/endpoints/drive/folders/update.ts index 1dc0e63878..a1ee2669f0 100644 --- a/src/server/api/endpoints/drive/folders/update.ts +++ b/src/server/api/endpoints/drive/folders/update.ts @@ -83,7 +83,9 @@ export default define(meta, async (ps, user) => { if (ps.name) folder.name = ps.name; if (ps.parentId !== undefined) { - if (ps.parentId === null) { + if (ps.parentId.equals(folder._id)) { + throw new ApiError(meta.errors.recursiveNesting); + } else if (ps.parentId === null) { folder.parentId = null; } else { // Get parent folder diff --git a/test/api.ts b/test/api.ts index 85f3767930..cc4521d3dc 100644 --- a/test/api.ts +++ b/test/api.ts @@ -1141,6 +1141,20 @@ describe('API', () => { expect(res).have.status(400); })); + it('フォルダが循環するような構造にできない(自身)', async(async () => { + const arisugawa = await signup({ username: 'arisugawa' }); + const folderA = (await request('/drive/folders/create', { + name: 'test' + }, arisugawa)).body; + + const res = await request('/drive/folders/update', { + folderId: folderA.id, + parentId: folderA.id + }, arisugawa); + + expect(res).have.status(400); + })); + it('存在しない親フォルダを設定できない', async(async () => { const alice = await signup({ username: 'alice' }); const folder = (await request('/drive/folders/create', {