From ede20ddd6fa769d8ffb811d4170e47ad3fb50cdd Mon Sep 17 00:00:00 2001 From: Jonas Wielicki Date: Thu, 17 May 2018 17:11:25 +0200 Subject: MUC: reject non-bare JIDs in set_affiliation requests with not-acceptable --- plugins/muc/muc.lib.lua | 3 +++ 1 file changed, 3 insertions(+) (limited to 'plugins/muc') diff --git a/plugins/muc/muc.lib.lua b/plugins/muc/muc.lib.lua index 870bd53c..12ecdbda 100644 --- a/plugins/muc/muc.lib.lua +++ b/plugins/muc/muc.lib.lua @@ -1076,6 +1076,9 @@ function room_mt:can_set_affiliations(actor, jid_affiliation) for jid, value in pairs(jid_affiliation) do local affiliation = value["affiliation"]; + if jid ~= jid_bare(jid) then + return false, "modify", "not-acceptable"; + end jid = jid_bare(jid); if affiliation == "none" then affiliation = nil; end if affiliation and affiliation ~= "outcast" and affiliation ~= "owner" and affiliation ~= "admin" and affiliation ~= "member" then -- cgit v1.2.3