prosody-modules
c8d04ac200fc
mod_clean_roster/mod_clean_roster.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody-modules

Annotate

mod_clean_roster/mod_clean_roster.lua @ 5401:c8d04ac200fc

mod_http_oauth2: Reject loopback URIs as client_uri This really should be a proper website with info, https://localhost is not good enough. Ideally we'd validate that it's got proper DNS and is actually reachable, but triggering HTTP or even DNS lookups seems like it would carry abuse potential that would best to avoid.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:20:55 +0200
parent 5085:e384b91d0aa7
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
5085
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
1 local s_find = string.find;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
2
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
3 local pctl = require "util.prosodyctl";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
4
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
5 local rostermanager = require "core.rostermanager";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
6 local storagemanager = require "core.storagemanager";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
7 local usermanager = require "core.usermanager";
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
8
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
9 -- copypaste from util.stanza
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
10 local function valid_xml_cdata(str, attr)
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
11 return not s_find(str, attr and "[^\1\9\10\13\20-~\128-\247]" or "[^\9\10\13\20-~\128-\247]");
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
12 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
13
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
14 function module.command(_arg)
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
15 if select(2, pctl.isrunning()) then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
16 pctl.show_warning("Stop Prosody before running this command");
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
17 return 1;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
18 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
19
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
20 for hostname, host in pairs(prosody.hosts) do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
21 if hostname ~= "*" then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
22 if host.users.name == "null" then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
23 storagemanager.initialize_host(hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
24 usermanager.initialize_host(hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
25 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
26 local fixes = 0;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
27 for username in host.users.users() do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
28 local roster = rostermanager.load_roster(username, hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
29 local changed = false;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
30 for contact, item in pairs(roster) do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
31 if contact ~= false then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
32 if item.name and not valid_xml_cdata(item.name, false) then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
33 item.name = item.name:gsub("[^\9\10\13\20-~\128-\247]", "�");
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
34 fixes = fixes + 1;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
35 changed = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
36 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
37 local clean_groups = {};
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
38 for group in pairs(item.groups) do
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
39 if valid_xml_cdata(group, false) then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
40 clean_groups[group] = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
41 else
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
42 clean_groups[group:gsub("[^\9\10\13\20-~\128-\247]", "�")] = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
43 fixes = fixes + 1;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
44 changed = true;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
45 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
46 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
47 item.groups = clean_groups;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
48 else
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
49 -- pending entries etc
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
50 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
51 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
52 if changed then
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
53 assert(rostermanager.save_roster(username, hostname, roster));
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
54 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
55 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
56 pctl.show_message("Fixed %d items on host %s", fixes, hostname);
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
57 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
58 end
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
59 return 0;
e384b91d0aa7 mod_clean_roster: Clean out invalid characters from roster entires
Kim Alvefur <zash@zash.se>
parents:
diff changeset
60 end