Software /
code /
prosody-modules
Comparison
mod_mam/mod_mam.lua @ 751:3c37445f26ac
mod_mam: Stricter validation, reject invalid timestamps, jids.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 27 Jul 2012 04:39:48 +0200 |
parent | 711:53afd87f3612 |
child | 798:2b8ceb4d1a73 |
comparison
equal
deleted
inserted
replaced
750:8133dd5f266a | 751:3c37445f26ac |
---|---|
9 | 9 |
10 local st = require "util.stanza"; | 10 local st = require "util.stanza"; |
11 local rsm = module:require "rsm"; | 11 local rsm = module:require "rsm"; |
12 local jid_bare = require "util.jid".bare; | 12 local jid_bare = require "util.jid".bare; |
13 local jid_split = require "util.jid".split; | 13 local jid_split = require "util.jid".split; |
14 local jid_prep = require "util.jid".prep; | |
14 local host = module.host; | 15 local host = module.host; |
15 | 16 |
16 local dm_load = require "util.datamanager".load; | 17 local dm_load = require "util.datamanager".load; |
17 local dm_store = require "util.datamanager".store; | 18 local dm_store = require "util.datamanager".store; |
18 local dm_list_load = require "util.datamanager".list_load; | 19 local dm_list_load = require "util.datamanager".list_load; |
123 local qend = query:get_child_text("end"); | 124 local qend = query:get_child_text("end"); |
124 local qset = rsm.get(query); | 125 local qset = rsm.get(query); |
125 module:log("debug", "Archive query, id %s with %s from %s until %s)", | 126 module:log("debug", "Archive query, id %s with %s from %s until %s)", |
126 tostring(qid), qwith or "anyone", qstart or "the dawn of time", qend or "now"); | 127 tostring(qid), qwith or "anyone", qstart or "the dawn of time", qend or "now"); |
127 | 128 |
128 qstart, qend = (qstart and timestamp_parse(qstart)), (qend and timestamp_parse(qend)) | 129 if qstart or qend then -- Validate timestamps |
130 local vstart, vend = (qstart and timestamp_parse(qstart)), (qend and timestamp_parse(qend)) | |
131 if (qstart and not qwith) or (qend and not vend) then | |
132 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid timestamp")) | |
133 return true | |
134 end | |
135 qstart, qend = vstart, vend; | |
136 end | |
137 | |
138 if qwith then -- Validate the 'with' jid | |
139 local pwith = qwith and jid_prep(qwith); | |
140 if pwith and not qwith then -- it failed prepping | |
141 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid JID")) | |
142 return true | |
143 end | |
144 qwith = pwith; | |
145 end | |
129 | 146 |
130 -- Load all the data! | 147 -- Load all the data! |
131 local data, err = dm_list_load(origin.username, origin.host, archive_store); | 148 local data, err = dm_list_load(origin.username, origin.host, archive_store); |
132 if not data then | 149 if not data then |
133 if (not err) then | 150 if (not err) then |