Diff

plugins/mod_pubsub.lua @ 5318:989acb4ad1de

mod_pubsub: More strict checks for node and ids
author Kim Alvefur <zash@zash.se>
date Thu, 31 Jan 2013 15:33:41 +0100
parent 5317:86fab046813f
child 5320:518d864b2ab8
line wrap: on
line diff
--- a/plugins/mod_pubsub.lua	Mon Jan 28 01:06:05 2013 +0100
+++ b/plugins/mod_pubsub.lua	Thu Jan 31 15:33:41 2013 +0100
@@ -32,6 +32,8 @@
 local pubsub_errors = {
 	["conflict"] = { "cancel", "conflict" };
 	["invalid-jid"] = { "modify", "bad-request", nil, "invalid-jid" };
+	["jid-required"] = { "modify", "bad-request", nil, "jid-required" };
+	["nodeid-required"] = { "modify", "bad-request", nil, "nodeid-required" };
 	["item-not-found"] = { "cancel", "item-not-found" };
 	["not-subscribed"] = { "modify", "unexpected-request", nil, "not-subscribed" };
 	["forbidden"] = { "cancel", "forbidden" };
@@ -50,6 +52,9 @@
 	local item = items:get_child("item");
 	local id = item and item.attr.id;
 	
+	if not node then
+		return origin.send(pubsub_error_reply(stanza, "nodeid-required"));
+	end
 	local ok, results = service:get_items(node, stanza.attr.from, id);
 	if not ok then
 		return origin.send(pubsub_error_reply(stanza, results));
@@ -72,6 +77,9 @@
 
 function handlers.get_subscriptions(origin, stanza, subscriptions)
 	local node = subscriptions.attr.node;
+	if not node then
+		return origin.send(pubsub_error_reply(stanza, "nodeid-required"));
+	end
 	local ok, ret = service:get_subscriptions(node, stanza.attr.from, stanza.attr.from);
 	if not ok then
 		return origin.send(pubsub_error_reply(stanza, ret));
@@ -113,6 +121,9 @@
 
 function handlers.set_subscribe(origin, stanza, subscribe)
 	local node, jid = subscribe.attr.node, subscribe.attr.jid;
+	if not (node and jid) then
+		return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid"));
+	end
 	--[[
 	local options_tag, options = stanza.tags[1]:get_child("options"), nil;
 	if options_tag then
@@ -151,6 +162,9 @@
 
 function handlers.set_unsubscribe(origin, stanza, unsubscribe)
 	local node, jid = unsubscribe.attr.node, unsubscribe.attr.jid;
+	if not (node and jid) then
+		return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid"));
+	end
 	local ok, ret = service:remove_subscription(node, stanza.attr.from, jid);
 	local reply;
 	if ok then
@@ -163,6 +177,9 @@
 
 function handlers.set_publish(origin, stanza, publish)
 	local node = publish.attr.node;
+	if not node then
+		return origin.send(pubsub_error_reply(stanza, "nodeid-required"));
+	end
 	local item = publish:get_child("item");
 	local id = (item and item.attr.id) or uuid_generate();
 	local ok, ret = service:publish(node, stanza.attr.from, id, item);
@@ -184,8 +201,7 @@
 	local item = retract:get_child("item");
 	local id = item and item.attr.id
 	if not (node and id) then
-		origin.send(st.error_reply(stanza, "modify", "bad-request"));
-		return true;
+		return origin.send(pubsub_error_reply(stanza, node and "item-not-found" or "nodeid-required"));
 	end
 	local reply, notifier;
 	if notify then
@@ -205,8 +221,7 @@
 	notify = (notify == "1") or (notify == "true");
 	local reply;
 	if not node then
-		origin.send(st.error_reply(stanza, "modify", "bad-request"));
-		return true;
+		return origin.send(pubsub_error_reply(stanza, "nodeid-required"));
 	end
 	local ok, ret = service:purge(node, stanza.attr.from, notify);
 	if ok then