Software /
code /
prosody-modules
Changeset
751:3c37445f26ac
mod_mam: Stricter validation, reject invalid timestamps, jids.
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Fri, 27 Jul 2012 04:39:48 +0200 (2012-07-27) |
parents | 750:8133dd5f266a |
children | 753:9d5731af2c27 |
files | mod_mam/mod_mam.lua |
diffstat | 1 files changed, 18 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/mod_mam/mod_mam.lua Fri Jul 27 02:38:43 2012 +0100 +++ b/mod_mam/mod_mam.lua Fri Jul 27 04:39:48 2012 +0200 @@ -11,6 +11,7 @@ local rsm = module:require "rsm"; local jid_bare = require "util.jid".bare; local jid_split = require "util.jid".split; +local jid_prep = require "util.jid".prep; local host = module.host; local dm_load = require "util.datamanager".load; @@ -125,7 +126,23 @@ module:log("debug", "Archive query, id %s with %s from %s until %s)", tostring(qid), qwith or "anyone", qstart or "the dawn of time", qend or "now"); - qstart, qend = (qstart and timestamp_parse(qstart)), (qend and timestamp_parse(qend)) + if qstart or qend then -- Validate timestamps + local vstart, vend = (qstart and timestamp_parse(qstart)), (qend and timestamp_parse(qend)) + if (qstart and not qwith) or (qend and not vend) then + origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid timestamp")) + return true + end + qstart, qend = vstart, vend; + end + + if qwith then -- Validate the 'with' jid + local pwith = qwith and jid_prep(qwith); + if pwith and not qwith then -- it failed prepping + origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid JID")) + return true + end + qwith = pwith; + end -- Load all the data! local data, err = dm_list_load(origin.username, origin.host, archive_store);