From dc8d810f34ba55ec51a238a84c04673efb7fc7a3 Mon Sep 17 00:00:00 2001
From: Kim Alvefur <zash@zash.se>
Date: Sat, 2 May 2020 20:12:41 +0200
Subject: MUC: Enforce strict resourceprep when registering room nicknames

If nickname enforcement is enabled this would otherwise let you bypass
the join check in muc.lib by registering an invalid nickname and then
joining with any nickname, letting register.lib change it to the invalid
registered nick.
---
 plugins/muc/register.lib.lua | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/muc')

diff --git a/plugins/muc/register.lib.lua b/plugins/muc/register.lib.lua
index f0a15dd4..d917b396 100644
--- a/plugins/muc/register.lib.lua
+++ b/plugins/muc/register.lib.lua
@@ -152,7 +152,7 @@ local function handle_register_iq(room, origin, stanza)
 			return true;
 		end
 		-- Is the nickname valid?
-		local desired_nick = resourceprep(reg_data["muc#register_roomnick"]);
+		local desired_nick = resourceprep(reg_data["muc#register_roomnick"], true);
 		if not desired_nick then
 			origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid Nickname"));
 			return true;
-- 
cgit v1.2.3