aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2021-09-17 16:28:07 +0200
committerKim Alvefur <zash@zash.se>2021-09-17 16:28:07 +0200
commit4703ad42a88393fa71b12fc8929eabd28da60d31 (patch)
tree091e1131027d10a97b36050869d6b8704801e63e
parentb97b295d03d89c8af3be0fe0fd4b76f0a14c5bc5 (diff)
downloadprosody-4703ad42a88393fa71b12fc8929eabd28da60d31.tar.gz
prosody-4703ad42a88393fa71b12fc8929eabd28da60d31.zip
MUC: Reject full JID in affiliation queries
XEP-0045 states: > Affiliations are granted, revoked, and maintained based on the user's > bare JID, not the nick as with roles. Therefore inclusion of a full JID in affiliation queries is invalid. Thanks to Ge0rG and Poezio for discovering this issue.
-rw-r--r--plugins/muc/muc.lib.lua3
1 files changed, 3 insertions, 0 deletions
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua
index f4d06529..556363ba 100644
--- a/plugins/muc/muc.lib.lua
+++ b/plugins/muc/muc.lib.lua
@@ -1050,6 +1050,9 @@ function room_mt:handle_admin_query_set_command(origin, stanza)
if not item.attr.jid then
origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
return true;
+ elseif jid_resource(item.attr.jid) then
+ origin.send(st.error_reply(stanza, "modify", "jid-malformed", "Bare JID expected, got full JID"));
+ return true;
end
end
if item.attr.nick then -- Validate provided nick