diff options
author | Kim Alvefur <zash@zash.se> | 2019-10-20 14:54:57 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2019-10-20 14:54:57 +0200 |
commit | 21b0efc6ad3d7b757bebc45330ca9e40dcc158b2 (patch) | |
tree | 744392cee8bea1b345b6c90ec44c4ce730148607 /plugins | |
parent | 4d28443876e2122d89bf41a2e57b34a6d1d4e813 (diff) | |
download | prosody-21b0efc6ad3d7b757bebc45330ca9e40dcc158b2.tar.gz prosody-21b0efc6ad3d7b757bebc45330ca9e40dcc158b2.zip |
MUC: Validate registration dataform more carefully
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/muc/register.lib.lua | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua index da106f8c..cfbdfb59 100644 --- a/plugins/muc/register.lib.lua +++ b/plugins/muc/register.lib.lua @@ -136,7 +136,19 @@ local function handle_register_iq(room, origin, stanza) return true; end local form_tag = query:get_child("x", "jabber:x:data"); - local reg_data = form_tag and registration_form:data(form_tag); + if not form_tag then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing dataform")); + return true; + end + local form_type, err = dataforms.get_type(form_tag); + if not form_type then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Error with form: "..err)); + return true; + elseif form_type ~= "http://jabber.org/protocol/muc#register" then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); + return true; + end + local reg_data = registration_form:data(form_tag); if not reg_data then origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); return true; |