Software / code / prosody
Comparison
plugins/muc/register.lib.lua @ 10794:4585fe53e21f
MUC: Enforce strict resourceprep when registering room nicknames
If nickname enforcement is enabled this would otherwise let you bypass
the join check in muc.lib by registering an invalid nickname and then
joining with any nickname, letting register.lib change it to the invalid
registered nick.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 02 May 2020 20:12:41 +0200 |
| parent | 10448:cbe524ed1a6a |
| child | 11286:336cba957c88 |
| 10793:9ce67da45e54 | 10794:4585fe53e21f |
|---|---|
| 150 if not reg_data then | 150 if not reg_data then |
| 151 origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); | 151 origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form")); |
| 152 return true; | 152 return true; |
| 153 end | 153 end |
| 154 -- Is the nickname valid? | 154 -- Is the nickname valid? |
| 155 local desired_nick = resourceprep(reg_data["muc#register_roomnick"]); | 155 local desired_nick = resourceprep(reg_data["muc#register_roomnick"], true); |
| 156 if not desired_nick then | 156 if not desired_nick then |
| 157 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid Nickname")); | 157 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid Nickname")); |
| 158 return true; | 158 return true; |
| 159 end | 159 end |
| 160 -- Is the nickname currently in use by another user? | 160 -- Is the nickname currently in use by another user? |
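Review bot: The bare `true` added as the second argument to resourceprep on line 155 is opaque at the call site, and the comment above it ("-- Is the nickname valid?") does not say that the check is now strict or why. Consider extending that comment to state that strict resourceprep is used so that a registered nickname cannot be one the join check in muc.lib would reject, as the commit message explains. The hunk also only covers new registrations: nicknames that were registered before this change and would fail the strict check are not addressed in the visible lines, so it is worth confirming whether existing registration data needs to be revalidated or whether the path that applies the registered nick on join also validates it strictly. A regression test that submits a nickname accepted by the non-strict call but rejected by the strict one, and expects the "Invalid Nickname" bad-request reply, would pin the behaviour.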