prosody
4585fe53e21f
plugins/muc/register.lib.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/muc/register.lib.lua @ 10794:4585fe53e21f

MUC: Enforce strict resourceprep when registering room nicknames If nickname enforcement is enabled this would otherwise let you bypass the join check in muc.lib by registering an invalid nickname and then joining with any nickname, letting register.lib change it to the invalid registered nick.
author Kim Alvefur <zash@zash.se>
date Sat, 02 May 2020 20:12:41 +0200
parent 10448:cbe524ed1a6a
child 11286:336cba957c88
line wrap: on
line diff
--- a/plugins/muc/register.lib.lua	Sat May 02 14:13:02 2020 +0200
+++ b/plugins/muc/register.lib.lua	Sat May 02 20:12:41 2020 +0200
@@ -152,7 +152,7 @@
 			return true;
 		end
 		-- Is the nickname valid?
-		local desired_nick = resourceprep(reg_data["muc#register_roomnick"]);
+		local desired_nick = resourceprep(reg_data["muc#register_roomnick"], true);
 		if not desired_nick then
 			origin.send(st.error_reply(stanza, "modify", "bad-request", "Invalid Nickname"));
 			return true;