Comparison

mod_mam/mod_mam.lua @ 751:3c37445f26ac

mod_mam: Stricter validation, reject invalid timestamps, jids.
author Kim Alvefur <zash@zash.se>
date Fri, 27 Jul 2012 04:39:48 +0200
parent 711:53afd87f3612
child 798:2b8ceb4d1a73
750:8133dd5f266a 751:3c37445f26ac
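--- a/mod_mam/mod_mam.lua
+++ b/mod_mam/mod_mam.lua
@@ -9,10 +9,11 @@
 
 local st = require "util.stanza";
 local rsm = module:require "rsm";
 local jid_bare = require "util.jid".bare;
 local jid_split = require "util.jid".split;
+local jid_prep = require "util.jid".prep;
 local host = module.host;
 
 local dm_load = require "util.datamanager".load;
 local dm_store = require "util.datamanager".store;
 local dm_list_load = require "util.datamanager".list_load;
@@ -123,11 +124,27 @@
 local qend = query:get_child_text("end");
 local qset = rsm.get(query);
 module:log("debug", "Archive query, id %s with %s from %s until %s)",
 tostring(qid), qwith or "anyone", qstart or "the dawn of time", qend or "now");
 
-qstart, qend = (qstart and timestamp_parse(qstart)), (qend and timestamp_parse(qend))
+if qstart or qend then -- Validate timestamps
+local vstart, vend = (qstart and timestamp_parse(qstart)), (qend and timestamp_parse(qend))
+if (qstart and not qwith) or (qend and not vend) then
+origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid timestamp"))
+return true
+end
+qstart, qend = vstart, vend;
+end
+
+if qwith then -- Validate the 'with' jid
+local pwith = qwith and jid_prep(qwith);
+if pwith and not qwith then -- it failed prepping
+origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid JID"))
+return true
+end
+qwith = pwith;
+end
 
 -- Load all the data!
 local data, err = dm_list_load(origin.username, origin.host, archive_store);
 if not data then
 if (not err) then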
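Review bot: Both new guards test the wrong variable, so neither rejects what the commit message says it rejects. In the timestamp block `(qstart and not qwith)` looks like a typo for `(qstart and not vstart)`: as written, an unparseable `start` is accepted whenever a `with` filter is present (and `qstart` is then overwritten with the failed parse result, presumably nil, which silently removes the lower bound), while a valid `start` without `with` is answered with "Invalid timestamp". In the JID block `pwith and not qwith` can never be true inside `if qwith then`, so a JID that `jid_prep` rejects falls through to `qwith = pwith` and the query appears to run unfiltered instead of returning bad-request. I would change the conditions to `if (qstart and not vstart) or (qend and not vend) then` and `if not pwith then`. The enclosing handler starts and ends outside this hunk, so how a nil `qstart` or `qwith` is used later is inferred from the "anyone" and "the dawn of time" defaults in the debug log line.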