From c09d6decbebbaec23defaed760dcfc63a3c9ec32 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Mon, 9 Sep 2019 22:32:01 +0200 Subject: core.stanza_router: Do strict jidprep on c2s Be conservative in what you let your clients send, be liberal in what you let in via s2s. Being strict on s2s leads to interop problems and poor experiences, ie users being ejected from MUCs if something invalid enters. By starting with tightening up input into the network, we may be able to gradually approach a point where no invalid JIDs are allowed. --- core/stanza_router.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/stanza_router.lua b/core/stanza_router.lua index a74f3b6f..9d3ab113 100644 --- a/core/stanza_router.lua +++ b/core/stanza_router.lua @@ -83,7 +83,7 @@ function core_process_stanza(origin, stanza) if full_sessions[to] or bare_sessions[to] or hosts[to] then node, host = jid_split(to); -- TODO only the host is needed, optimize else - node, host, resource = jid_prepped_split(to); + node, host, resource = jid_prepped_split(to, origin.type == "c2s"); if not host then log("warn", "Received stanza with invalid destination JID: %s", to); if stanza.attr.type ~= "error" and stanza.attr.type ~= "result" then -- cgit v1.2.3