From 8061ffecb4edf1d1866e9444d86e67f9782e54c4 Mon Sep 17 00:00:00 2001
From: Thomas Lynch <tom@69420.me>
Date: Thu, 28 Jul 2022 15:38:00 +1000
Subject: [PATCH] Add solvedCaptcha=true check also to blockbypass for the few
 routes which check block bypass w/o verifyCaptcha middleware before

---
 lib/middleware/captcha/blockbypass.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/middleware/captcha/blockbypass.js b/lib/middleware/captcha/blockbypass.js
index d9fe69c4..7a7c50ba 100644
--- a/lib/middleware/captcha/blockbypass.js
+++ b/lib/middleware/captcha/blockbypass.js
@@ -5,7 +5,8 @@ const { Bypass } = require(__dirname+'/../../../db/')
 	, config = require(__dirname+'/../../misc/config.js')
 	, deleteTempFiles = require(__dirname+'/../../file/deletetempfiles.js')
 	, dynamicResponse = require(__dirname+'/../../misc/dynamic.js')
-	, production = process.env.NODE_ENV === 'production';
+	, production = process.env.NODE_ENV === 'production'
+	, Permissions = require(__dirname+'/../../permission/permissions.js');
 
 module.exports = {
 
@@ -13,6 +14,12 @@ module.exports = {
 
 		const { secureCookies, blockBypass } = config.get;
 
+		//bypass captcha permission
+		if (res.locals.permissions &&
+			res.locals.permissions.get(Permissions.BYPASS_CAPTCHA)) {
+			res.locals.solvedCaptcha = true;
+		}
+
 		//check if blockbypass exists and right length
 		const bypassId = req.signedCookies.bypassid;
 		if (!res.locals.solvedCaptcha && (!bypassId || bypassId.length !== 24)) {