aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/muc
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2017-07-21 00:07:34 +0200
committerKim Alvefur <zash@zash.se>2017-07-21 00:07:34 +0200
commita3a0b35522181ad8aece56b6e87ce9552681d9d9 (patch)
treebf0da2847cfeee78fcbe3563d9f85726a75b6b3a /plugins/muc
parent6bb4201fe2c08ce36e23459b5f0f93e515587fe5 (diff)
downloadprosody-a3a0b35522181ad8aece56b6e87ce9552681d9d9.tar.gz
prosody-a3a0b35522181ad8aece56b6e87ce9552681d9d9.zip
MUC: Reject whitespace-only nicknames (fixes #337)
Diffstat (limited to 'plugins/muc')
-rw-r--r--plugins/muc/muc.lib.lua14
1 files changed, 14 insertions, 0 deletions
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua
index 8c486b87..e16a43f6 100644
--- a/plugins/muc/muc.lib.lua
+++ b/plugins/muc/muc.lib.lua
@@ -435,6 +435,13 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc
self._occupants[current_nick].sessions[from] = pr;
self:broadcast_presence(pr, from);
else -- change nick
+ -- a MUC service MUST NOT allow empty or invisible Room Nicknames
+ -- (i.e., Room Nicknames that consist only of one or more space characters).
+ if not select(3, jid_split(nick)):find("[^ ]") then -- resourceprep turns all whitespace into 0x20
+ module:log("debug", "Rejecting invisible nickname");
+ origin.send(st.error_reply(stanza, "cancel", "not-allowed"));
+ return;
+ end
local occupant = self._occupants[current_nick];
local is_multisession = next(occupant.sessions, next(occupant.sessions));
if self._occupants[to] or is_multisession then
@@ -467,6 +474,13 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc
-- self:handle_to_occupant(origin, stanza); -- resend available
--end
else -- enter room
+ -- a MUC service MUST NOT allow empty or invisible Room Nicknames
+ -- (i.e., Room Nicknames that consist only of one or more space characters).
+ if not select(3, jid_split(nick)):find("[^ ]") then -- resourceprep turns all whitespace into 0x20
+ module:log("debug", "Rejecting invisible nickname");
+ origin.send(st.error_reply(stanza, "cancel", "not-allowed"));
+ return;
+ end
local new_nick = to;
local is_merge;
if self._occupants[to] then