mod_mam: Only check for locally generated stanza-ids

Otherwise a message archived by a remote server would be incorrectly silently discarded. This should be safe from spoofing thanks to strip_stanza_id earlier in the event chain.
author: Kim Alvefur <zash@zash.se> 2021-08-31 11:26:42 +0200
committer: Kim Alvefur <zash@zash.se> 2021-08-31 11:26:42 +0200
commit: b430cda5c7c87b20ae26b1d78b61be0ae0013241 (patch)
tree: 231921ab5ad00e29b0a56d86eb4134769ab29aca /plugins/mod_mam/mod_mam.lua
parent: 2937b1672bd28c5c40c2a9a11599bdf9f7794ebf (diff)
download: prosody-b430cda5c7c87b20ae26b1d78b61be0ae0013241.tar.gz
prosody-b430cda5c7c87b20ae26b1d78b61be0ae0013241.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua
index 671967c3..50401aa1 100644
--- a/plugins/mod_mam/mod_mam.lua
+++ b/plugins/mod_mam/mod_mam.lua
@@ -480,8 +480,11 @@ module:hook("pre-message/full", strip_stanza_id_after_other_events, -1);
 -- which would not be accurate because it has been archived.
 module:hook("message/offline/handle", function(event)
 	local stanza = event.stanza;
-	if stanza:get_child("stanza-id", xmlns_st_id) then
-		return true;
+	local user = event.username .. "@" .. host;
+	for st_id in stanza:childtags("stanza-id", xmlns_st_id) do
+		if st_id.attr.by == user then
+			return true;
+		end
 	end
 end, -2);
author	Kim Alvefur <zash@zash.se>	2021-08-31 11:26:42 +0200
committer	Kim Alvefur <zash@zash.se>	2021-08-31 11:26:42 +0200
commit	b430cda5c7c87b20ae26b1d78b61be0ae0013241 (patch)
tree	231921ab5ad00e29b0a56d86eb4134769ab29aca /plugins/mod_mam/mod_mam.lua
parent	2937b1672bd28c5c40c2a9a11599bdf9f7794ebf (diff)
download	prosody-b430cda5c7c87b20ae26b1d78b61be0ae0013241.tar.gz prosody-b430cda5c7c87b20ae26b1d78b61be0ae0013241.zip