diff options
author | Kim Alvefur <zash@zash.se> | 2021-08-31 11:26:42 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2021-08-31 11:26:42 +0200 |
commit | b430cda5c7c87b20ae26b1d78b61be0ae0013241 (patch) | |
tree | 231921ab5ad00e29b0a56d86eb4134769ab29aca /plugins/mod_mam/mod_mam.lua | |
parent | 2937b1672bd28c5c40c2a9a11599bdf9f7794ebf (diff) | |
download | prosody-b430cda5c7c87b20ae26b1d78b61be0ae0013241.tar.gz prosody-b430cda5c7c87b20ae26b1d78b61be0ae0013241.zip |
mod_mam: Only check for locally generated stanza-ids
Otherwise a message archived by a remote server would be incorrectly
silently discarded. This should be safe from spoofing thanks to
strip_stanza_id earlier in the event chain.
Diffstat (limited to 'plugins/mod_mam/mod_mam.lua')
-rw-r--r-- | plugins/mod_mam/mod_mam.lua | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index 671967c3..50401aa1 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -480,8 +480,11 @@ module:hook("pre-message/full", strip_stanza_id_after_other_events, -1); -- which would not be accurate because it has been archived. module:hook("message/offline/handle", function(event) local stanza = event.stanza; - if stanza:get_child("stanza-id", xmlns_st_id) then - return true; + local user = event.username .. "@" .. host; + for st_id in stanza:childtags("stanza-id", xmlns_st_id) do + if st_id.attr.by == user then + return true; + end end end, -2); |