From a42f214358483e845c74532ea44bb00dbd4788a7 Mon Sep 17 00:00:00 2001
From: kennycud
Date: Sat, 1 Feb 2025 18:43:48 -0800
Subject: [PATCH] invite orphan vulnerability patch, detailed test case coming in a commit soon
---
 src/main/java/org/qortal/group/Group.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/qortal/group/Group.java b/src/main/java/org/qortal/group/Group.java
index 765b86de..a6b4f3a6 100644
--- a/src/main/java/org/qortal/group/Group.java
+++ b/src/main/java/org/qortal/group/Group.java
@@ -674,8 +674,8 @@ public class Group {
 public void uninvite(GroupInviteTransactionData groupInviteTransactionData) throws DataException {
 String invitee = groupInviteTransactionData.getInvitee();
- // If member exists then they were added when invite matched join request
- if (this.memberExists(invitee)) {
+ // If member exists and the join request is present then they were added when invite matched join request
+ if (this.memberExists(invitee) && groupInviteTransactionData.getJoinReference() != null) {
 // Rebuild join request using cached reference to transaction that created join request.
 this.rebuildJoinRequest(invitee, groupInviteTransactionData.getJoinReference());
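Review bot: The guard added in `uninvite` is only sound if a join reference is stored on the invite exactly when that invite consumed a pending join request and added the member; the code that sets it is outside this hunk, so that invariant should be confirmed and written down here. The new comment says "the join request is present", but the condition tests the reference cached on the invite, and the request itself does not exist until `rebuildJoinRequest` recreates it; I would word it as `// Only undo the membership if this invite recorded a join reference, i.e. it was the invite that matched a join request and added the member`. The rest of `uninvite`, including the branch now taken for an existing member with a null reference, is not visible, so it should be checked that this path leaves the membership untouched. Since this is rollback code and the commit ships without its test, a regression test that orphans an invite sent to an already-existing member and asserts the member is still in the group belongs with this change.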