diff options
author | Kim Alvefur <zash@zash.se> | 2013-01-31 15:33:41 +0100 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2013-01-31 15:33:41 +0100 |
commit | 8a6d52c9319c5c9e4e79bfcc9d27d88fcb5d6b6f (patch) | |
tree | afc6e9d8ede1ddb2455396b36eb41b010662092a /plugins | |
parent | 9468212a73173752909bb15af9964e6fbb6d154b (diff) | |
download | prosody-8a6d52c9319c5c9e4e79bfcc9d27d88fcb5d6b6f.tar.gz prosody-8a6d52c9319c5c9e4e79bfcc9d27d88fcb5d6b6f.zip |
mod_pubsub: More strict checks for node and ids
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/mod_pubsub.lua | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/plugins/mod_pubsub.lua b/plugins/mod_pubsub.lua index 8b6aea6c..96a9eaae 100644 --- a/plugins/mod_pubsub.lua +++ b/plugins/mod_pubsub.lua @@ -32,6 +32,8 @@ end local pubsub_errors = { ["conflict"] = { "cancel", "conflict" }; ["invalid-jid"] = { "modify", "bad-request", nil, "invalid-jid" }; + ["jid-required"] = { "modify", "bad-request", nil, "jid-required" }; + ["nodeid-required"] = { "modify", "bad-request", nil, "nodeid-required" }; ["item-not-found"] = { "cancel", "item-not-found" }; ["not-subscribed"] = { "modify", "unexpected-request", nil, "not-subscribed" }; ["forbidden"] = { "cancel", "forbidden" }; @@ -50,6 +52,9 @@ function handlers.get_items(origin, stanza, items) local item = items:get_child("item"); local id = item and item.attr.id; + if not node then + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); + end local ok, results = service:get_items(node, stanza.attr.from, id); if not ok then return origin.send(pubsub_error_reply(stanza, results)); @@ -72,6 +77,9 @@ end function handlers.get_subscriptions(origin, stanza, subscriptions) local node = subscriptions.attr.node; + if not node then + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); + end local ok, ret = service:get_subscriptions(node, stanza.attr.from, stanza.attr.from); if not ok then return origin.send(pubsub_error_reply(stanza, ret)); @@ -113,6 +121,9 @@ end function handlers.set_subscribe(origin, stanza, subscribe) local node, jid = subscribe.attr.node, subscribe.attr.jid; + if not (node and jid) then + return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid")); + end --[[ local options_tag, options = stanza.tags[1]:get_child("options"), nil; if options_tag then @@ -151,6 +162,9 @@ end function handlers.set_unsubscribe(origin, stanza, unsubscribe) local node, jid = unsubscribe.attr.node, unsubscribe.attr.jid; + if not (node and jid) then + return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid")); + end local ok, ret = service:remove_subscription(node, stanza.attr.from, jid); local reply; if ok then @@ -163,6 +177,9 @@ end function handlers.set_publish(origin, stanza, publish) local node = publish.attr.node; + if not node then + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); + end local item = publish:get_child("item"); local id = (item and item.attr.id) or uuid_generate(); local ok, ret = service:publish(node, stanza.attr.from, id, item); @@ -184,8 +201,7 @@ function handlers.set_retract(origin, stanza, retract) local item = retract:get_child("item"); local id = item and item.attr.id if not (node and id) then - origin.send(st.error_reply(stanza, "modify", "bad-request")); - return true; + return origin.send(pubsub_error_reply(stanza, node and "item-not-found" or "nodeid-required")); end local reply, notifier; if notify then @@ -205,8 +221,7 @@ function handlers.set_purge(origin, stanza, purge) notify = (notify == "1") or (notify == "true"); local reply; if not node then - origin.send(st.error_reply(stanza, "modify", "bad-request")); - return true; + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); end local ok, ret = service:purge(node, stanza.attr.from, notify); if ok then |