diff options
author | Kim Alvefur <zash@zash.se> | 2017-07-21 00:07:34 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2017-07-21 00:07:34 +0200 |
commit | b433940c1ea9200498017fdf529f395a2a92de1d (patch) | |
tree | bf0da2847cfeee78fcbe3563d9f85726a75b6b3a /plugins | |
parent | c5af3aee3e651187a3a582045dbe269e1b61fe4d (diff) | |
download | prosody-b433940c1ea9200498017fdf529f395a2a92de1d.tar.gz prosody-b433940c1ea9200498017fdf529f395a2a92de1d.zip |
MUC: Reject whitespace-only nicknames (fixes #337)
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/muc/muc.lib.lua | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 8c486b87..e16a43f6 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -435,6 +435,13 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc self._occupants[current_nick].sessions[from] = pr; self:broadcast_presence(pr, from); else -- change nick + -- a MUC service MUST NOT allow empty or invisible Room Nicknames + -- (i.e., Room Nicknames that consist only of one or more space characters). + if not select(3, jid_split(nick)):find("[^ ]") then -- resourceprep turns all whitespace into 0x20 + module:log("debug", "Rejecting invisible nickname"); + origin.send(st.error_reply(stanza, "cancel", "not-allowed")); + return; + end local occupant = self._occupants[current_nick]; local is_multisession = next(occupant.sessions, next(occupant.sessions)); if self._occupants[to] or is_multisession then @@ -467,6 +474,13 @@ function room_mt:handle_to_occupant(origin, stanza) -- PM, vCards, etc -- self:handle_to_occupant(origin, stanza); -- resend available --end else -- enter room + -- a MUC service MUST NOT allow empty or invisible Room Nicknames + -- (i.e., Room Nicknames that consist only of one or more space characters). + if not select(3, jid_split(nick)):find("[^ ]") then -- resourceprep turns all whitespace into 0x20 + module:log("debug", "Rejecting invisible nickname"); + origin.send(st.error_reply(stanza, "cancel", "not-allowed")); + return; + end local new_nick = to; local is_merge; if self._occupants[to] then |