diff options
| author | Kim Alvefur <zash@zash.se> | 2019-12-23 23:30:45 +0100 |
|---|---|---|
| committer | Kim Alvefur <zash@zash.se> | 2019-12-23 23:30:45 +0100 |
| commit | 1c3988b1719e164b38c75eff73aa3df52c531ae7 (patch) | |
| tree | 49a9ad391488eab936ce5ae5d8e52e0aa0cc2e33 /plugins/mod_mam | |
| parent | 5b06f8946f51c90fe3dd4ed9cfba91e5ad83f1b7 (diff) | |
| download | prosody-1c3988b1719e164b38c75eff73aa3df52c531ae7.tar.gz prosody-1c3988b1719e164b38c75eff73aa3df52c531ae7.zip | |
mod_mam: More careful validation of MAM query form
Adapted from mod_muc_mam
Diffstat (limited to 'plugins/mod_mam')
| -rw-r--r-- | plugins/mod_mam/mod_mam.lua | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/plugins/mod_mam/mod_mam.lua b/plugins/mod_mam/mod_mam.lua index e9528d52..018aef77 100644 --- a/plugins/mod_mam/mod_mam.lua +++ b/plugins/mod_mam/mod_mam.lua @@ -25,6 +25,7 @@ local jid_bare = require "util.jid".bare; local jid_split = require "util.jid".split; local jid_prepped_split = require "util.jid".prepped_split; local dataform = require "util.dataforms".new; +local get_form_type = require "util.dataforms".get_type; local host = module.host; local rm_load_roster = require "core.rostermanager".load_roster; @@ -101,7 +102,14 @@ module:hook("iq-set/self/"..xmlns_mam..":query", function(event) local qwith, qstart, qend; local form = query:get_child("x", "jabber:x:data"); if form then - local err; + local form_type, err = get_form_type(form); + if not form_type then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err)); + return true; + elseif form_type ~= xmlns_mam then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'")); + return true; + end form, err = query_form:data(form); if err then origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err)))); |