prosody
228396da1e27
plugins/muc/muc.lib.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Comparison

plugins/muc/muc.lib.lua @ 7413:228396da1e27

MUC: Stricter validation of deserialized data
author Kim Alvefur <zash@zash.se>
date Fri, 29 Apr 2016 14:01:01 +0200
parent 7412:f9744effae04
child 7414:1b62c89014c4
comparison
equal deleted inserted replaced
7412:f9744effae04 7413:228396da1e27
1356 local node, host, resource = jid_split(jid); 1356 local node, host, resource = jid_split(jid);
1357 if node or host:sub(1,1) ~= "_" then 1357 if node or host:sub(1,1) ~= "_" then
1358 if not resource and type(data) == "string" then 1358 if not resource and type(data) == "string" then
1359 -- bare jid: affiliation 1359 -- bare jid: affiliation
1360 room._affiliations[jid] = data; 1360 room._affiliations[jid] = data;
1361 elseif host == room_host and node == room_name and resource then 1361 elseif host == room_host and node == room_name and resource and type(data) == "table" then
1362 -- full room jid: bare real jid and role 1362 -- full room jid: bare real jid and role
1363 local bare_jid = data.bare_jid; 1363 local bare_jid = data.bare_jid;
1364 local occupant = occupant_lib.new(bare_jid, jid); 1364 local occupant = occupant_lib.new(bare_jid, jid);
1365 occupant.jid = data.jid; 1365 occupant.jid = data.jid;
1366 occupant.role = data.role; 1366 occupant.role = data.role;
1370 for full_jid, presence in pairs(sessions) do 1370 for full_jid, presence in pairs(sessions) do
1371 occupant:set_session(full_jid, presence); 1371 occupant:set_session(full_jid, presence);
1372 end 1372 end
1373 end 1373 end
1374 occupant_sessions[bare_jid] = nil; 1374 occupant_sessions[bare_jid] = nil;
1375 else 1375 elseif type(data) == "table" and data.name then
1376 -- full user jid: presence 1376 -- full user jid: presence
1377 local presence = st.deserialize(data); 1377 local presence = st.deserialize(data);
1378 local bare_jid = jid_bare(jid); 1378 local bare_jid = jid_bare(jid);
1379 local occupant = occupants[bare_jid]; 1379 local occupant = occupants[bare_jid];
1380 local sessions = occupant_sessions[bare_jid]; 1380 local sessions = occupant_sessions[bare_jid];