From 84d0332c6d9859cfd6137ab23761a26dfd782b96 Mon Sep 17 00:00:00 2001
From: Shane Handley <shanehandley@fastmail.com>
Date: Sun, 31 May 2020 04:31:31 +1000
Subject: [PATCH] Ensure that the player uuid and character id both match in a
 character deletion query.

---
 server/src/persistence/character.rs | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/server/src/persistence/character.rs b/server/src/persistence/character.rs
index 839e46a698..008cfca59e 100644
--- a/server/src/persistence/character.rs
+++ b/server/src/persistence/character.rs
@@ -144,7 +144,12 @@ pub fn create_character(
 pub fn delete_character(uuid: &str, character_id: i32, db_dir: &str) -> CharacterListResult {
     use schema::character::dsl::*;
 
-    diesel::delete(character.filter(id.eq(character_id))).execute(&establish_connection(db_dir))?;
+    diesel::delete(
+        character
+            .filter(id.eq(character_id))
+            .filter(player_uuid.eq(uuid)),
+    )
+    .execute(&establish_connection(db_dir))?;
 
     load_character_list(uuid, db_dir)
 }