prosody
6f7d6712e250

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

11806:6f7d6712e250

MUC: Reject full JID in affiliation queries XEP-0045 states: > Affiliations are granted, revoked, and maintained based on the user's > bare JID, not the nick as with roles. Therefore inclusion of a full JID in affiliation queries is invalid. Thanks to Ge0rG and Poezio for discovering this issue.
author Kim Alvefur <zash@zash.se>
date Fri, 17 Sep 2021 16:28:07 +0200
parents 11805:2327e03d1f8d
children 11807:f5295e59ca78
files plugins/muc/muc.lib.lua
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/muc/muc.lib.lua	Fri Sep 17 12:42:04 2021 +0200
+++ b/plugins/muc/muc.lib.lua	Fri Sep 17 16:28:07 2021 +0200
@@ -1050,6 +1050,9 @@
 		if not item.attr.jid then
 			origin.send(st.error_reply(stanza, "modify", "jid-malformed"));
 			return true;
+		elseif jid_resource(item.attr.jid) then
+			origin.send(st.error_reply(stanza, "modify", "jid-malformed", "Bare JID expected, got full JID"));
+			return true;
 		end
 	end
 	if item.attr.nick then -- Validate provided nick