aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-12-23 23:30:45 +0100
committerKim Alvefur <zash@zash.se>2019-12-23 23:30:45 +0100
commit1c3988b1719e164b38c75eff73aa3df52c531ae7 (patch)
tree49a9ad391488eab936ce5ae5d8e52e0aa0cc2e33
parent5b06f8946f51c90fe3dd4ed9cfba91e5ad83f1b7 (diff)
downloadprosody-1c3988b1719e164b38c75eff73aa3df52c531ae7.tar.gz
prosody-1c3988b1719e164b38c75eff73aa3df52c531ae7.zip
mod_mam: More careful validation of MAM query form
Adapted from mod_muc_mam
-rw-r--r--plugins/mod_mam/mod_mam.lua10
1 files changed, 9 insertions, 1 deletions
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua
index e9528d52..018aef77 100644
--- a/plugins/mod_mam/mod_mam.lua
+++ b/plugins/mod_mam/mod_mam.lua
@@ -25,6 +25,7 @@ local jid_bare = require "util.jid".bare;
local jid_split = require "util.jid".split;
local jid_prepped_split = require "util.jid".prepped_split;
local dataform = require "util.dataforms".new;
+local get_form_type = require "util.dataforms".get_type;
local host = module.host;
local rm_load_roster = require "core.rostermanager".load_roster;
@@ -101,7 +102,14 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event)
local qwith, qstart, qend;
local form = query:get_child("x", "jabber:x:data");
if form then
- local err;
+ local form_type, err = get_form_type(form);
+ if not form_type then
+ origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err));
+ return true;
+ elseif form_type ~= xmlns_mam then
+ origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'"));
+ return true;
+ end
form, err = query_form:data(form);
if err then
origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err))));