diff options
author | Kim Alvefur <zash@zash.se> | 2019-10-20 14:54:57 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-10-20 14:54:57 +0200 |
commit | e066e530df8af2d8070d2e049e8f3ebf6a8e48e8 (patch) | |
tree | 744392cee8bea1b345b6c90ec44c4ce730148607 /plugins/muc | |
parent | 7dbc2e2ac3ae5d56c7b3f7f3b6713e9cb2558ee0 (diff) | |
download | prosody-e066e530df8af2d8070d2e049e8f3ebf6a8e48e8.tar.gz prosody-e066e530df8af2d8070d2e049e8f3ebf6a8e48e8.zip |
MUC: Validate registration dataform more carefully
Diffstat (limited to 'plugins/muc')
-rw-r--r-- | plugins/muc/register.lib.lua | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index da106f8c..cfbdfb59 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -136,7 +136,19 @@ local function handle_register_iq(room, origin, stanza) return true; end local form_tag = query:get_child("x", "jabber:x:data"); - local reg_data = form_tag and registration_form:data(form_tag); + if not form_tag then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing dataform")); + return true; + end + local form_type, err = dataforms.get_type(form_tag); + if not form_type then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Error with form: "..err)); + return true; + elseif form_type ~= "http://jabber.org/protocol/muc#register" then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); + return true; + end + local reg_data = registration_form:data(form_tag); if not reg_data then origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); return true; |