aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2024-11-01 13:10:45 +0100
committerKim Alvefur <zash@zash.se>2024-11-01 13:10:45 +0100
commitad83ddfb78afff7c03d7b749cdf66e39898281c5 (patch)
treed487c94e77779dfb4db830c0a048545760938802
parente47e8e7ec7d2efe6bc4ef6269f038ac66767b0ce (diff)
downloadprosody-ad83ddfb78afff7c03d7b749cdf66e39898281c5.tar.gz
prosody-ad83ddfb78afff7c03d7b749cdf66e39898281c5.zip
mod_admin_shell: Reject attempt to add or remove roles for unrelated hosts
The three-argument version seems to be a left-over from 0.12
-rw-r--r--plugins/mod_admin_shell.lua4
1 files changed, 4 insertions, 0 deletions
diff --git a/plugins/mod_admin_shell.lua b/plugins/mod_admin_shell.lua
index 3738b8ba..ae7aaf98 100644
--- a/plugins/mod_admin_shell.lua
+++ b/plugins/mod_admin_shell.lua
@@ -1785,6 +1785,8 @@ function def_env.user:addrole(jid, host, new_role)
return nil, "No such host: "..host;
elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
return nil, "No such user";
+ elseif userhost ~= host then
+ return nil, "Can't add roles outside users own host"
end
return um.add_user_secondary_role(username, host, new_role);
end
@@ -1797,6 +1799,8 @@ function def_env.user:delrole(jid, host, role_name)
return nil, "No such host: "..host;
elseif prosody.hosts[userhost] and not um.user_exists(username, userhost) then
return nil, "No such user";
+ elseif userhost ~= host then
+ return nil, "Can't remove roles outside users own host"
end
return um.remove_user_secondary_role(username, host, role_name);
end