
plugins/mod_mam/mod_mam.lua @ 10559:cfc05e46b979

mod_mam: More careful validation of MAM query form Adapted from mod_muc_mam
author Kim Alvefur <zash@zash.se>
date Mon, 23 Dec 2019 23:30:45 +0100
parent 10299:fd94721186b8
child 10563:e8db377a2983
10558:40c2500208f4 10559:cfc05e46b979
23 local prefs_from_stanza = module:require"mamprefsxml".fromstanza; 23 local prefs_from_stanza = module:require"mamprefsxml".fromstanza;
24 local jid_bare = require "util.jid".bare; 24 local jid_bare = require "util.jid".bare;
25 local jid_split = require "util.jid".split; 25 local jid_split = require "util.jid".split;
26 local jid_prepped_split = require "util.jid".prepped_split; 26 local jid_prepped_split = require "util.jid".prepped_split;
27 local dataform = require "util.dataforms".new; 27 local dataform = require "util.dataforms".new;
28 local get_form_type = require "util.dataforms".get_type;
28 local host = module.host; 29 local host = module.host;
29 30
30 local rm_load_roster = require "core.rostermanager".load_roster; 31 local rm_load_roster = require "core.rostermanager".load_roster;
31 32
32 local is_stanza = st.is_stanza; 33 local is_stanza = st.is_stanza;
99 100
100 -- Search query parameters 101 -- Search query parameters
101 local qwith, qstart, qend; 102 local qwith, qstart, qend;
102 local form = query:get_child("x", "jabber:x:data"); 103 local form = query:get_child("x", "jabber:x:data");
103 if form then 104 if form then
104 local err; 105 local form_type, err = get_form_type(form);
106 if not form_type then
107 origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid dataform: "..err));
108 return true;
109 elseif form_type ~= xmlns_mam then
110 origin.send(st.error_reply(stanza, "modify", "bad-request", "Unexpected FORM_TYPE, expected '"..xmlns_mam.."'"));
111 return true;
112 end
105 form, err = query_form:data(form); 113 form, err = query_form:data(form);
106 if err then 114 if err then
107 origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err)))); 115 origin.send(st.error_reply(stanza, "modify", "bad-request", select(2, next(err))));
108 return true; 116 return true;
109 end 117 end
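Review bot: On new line 107 the error text is built with `"Invalid dataform: "..err`, which raises a Lua error if `get_form_type` ever returns nil without a second value. Its definition is not visible here, so it is worth checking whether a form with a FORM_TYPE field but no value can produce that result. Because the form is supplied by the client, a guarded message such as `"Invalid dataform: "..tostring(err or "missing FORM_TYPE value")` keeps the handler on the bad-request path, rather than what would presumably be an aborted handler and an unanswered IQ. The enclosing handler starts and ends outside this hunk.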