prosody
564e897f0790
plugins/muc/muc.lib.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

plugins/muc/muc.lib.lua @ 8836:564e897f0790

MUC: reject non-bare JIDs in set_affiliation requests with not-acceptable
author Jonas Wielicki <jonas@wielicki.name>
date Thu, 17 May 2018 17:11:25 +0200
parent 8835:a7221ada9368
child 8837:1b10802a770e
line wrap: on
line diff
--- a/plugins/muc/muc.lib.lua	Thu May 17 17:11:00 2018 +0200
+++ b/plugins/muc/muc.lib.lua	Thu May 17 17:11:25 2018 +0200
@@ -1076,6 +1076,9 @@
 	for jid, value in pairs(jid_affiliation) do
 		local affiliation = value["affiliation"];
 
+		if jid ~= jid_bare(jid) then
+			return false, "modify", "not-acceptable";
+		end
 		jid = jid_bare(jid);
 		if affiliation == "none" then affiliation = nil; end
 		if affiliation and affiliation ~= "outcast" and affiliation ~= "owner" and affiliation ~= "admin" and affiliation ~= "member" then