From 69c7260fe90ff38654594f7697cef6af4f2fe6e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <baris@nodebb.org>
Date: Thu, 20 Sep 2018 11:55:53 -0400
Subject: [PATCH] dont let sending more than max invites via bulk invite

---
 src/socket.io/user.js | 32 ++++++++++++++++++--------------
 1 file changed, 18 insertions(+), 14 deletions(-)

diff --git a/src/socket.io/user.js b/src/socket.io/user.js
index 582262b20d..81182bdd09 100644
--- a/src/socket.io/user.js
+++ b/src/socket.io/user.js
@@ -288,22 +288,26 @@ SocketUser.invite = function (socket, email, callback) {
 			if (registrationType === 'admin-invite-only' && !isAdmin) {
 				return next(new Error('[[error:no-privileges]]'));
 			}
+			var max = parseInt(meta.config.maximumInvites, 10);
+			email = email.split(',').map(email => email.trim()).filter(Boolean);
+			async.eachSeries(email, function (email, next) {
+				async.waterfall([
+					function (next) {
+						if (max) {
+							user.getInvitesNumber(socket.uid, next);
+						} else {
+							next(null, 0);
+						}
+					},
+					function (invites, next) {
+						if (!isAdmin && max && invites >= max) {
+							return next(new Error('[[error:invite-maximum-met, ' + invites + ', ' + max + ']]'));
+						}
 
-			async.waterfall([
-				function (next) {
-					user.getInvitesNumber(socket.uid, next);
-				},
-				function (invites, next) {
-					var max = parseInt(meta.config.maximumInvites, 10);
-					if (!isAdmin && max && invites >= max) {
-						return next(new Error('[[error:invite-maximum-met, ' + invites + ', ' + max + ']]'));
-					}
-					email = email.split(',').map(email => email.trim()).filter(Boolean);
-					async.eachSeries(email, function (email, next) {
 						user.sendInvitationEmail(socket.uid, email, next);
-					}, next);
-				},
-			], next);
+					},
+				], next);
+			}, next);
 		},
 	], callback);
 };