Software / code / prosody
Changeset
5318:989acb4ad1de
mod_pubsub: More strict checks for node and ids
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 31 Jan 2013 15:33:41 +0100 |
| parents | 5317:86fab046813f |
| children | 5319:d20861bf900b |
| files | plugins/mod_pubsub.lua |
| diffstat | 1 files changed, 19 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_pubsub.lua Mon Jan 28 01:06:05 2013 +0100 +++ b/plugins/mod_pubsub.lua Thu Jan 31 15:33:41 2013 +0100 @@ -32,6 +32,8 @@ local pubsub_errors = { ["conflict"] = { "cancel", "conflict" }; ["invalid-jid"] = { "modify", "bad-request", nil, "invalid-jid" }; + ["jid-required"] = { "modify", "bad-request", nil, "jid-required" }; + ["nodeid-required"] = { "modify", "bad-request", nil, "nodeid-required" }; ["item-not-found"] = { "cancel", "item-not-found" }; ["not-subscribed"] = { "modify", "unexpected-request", nil, "not-subscribed" }; ["forbidden"] = { "cancel", "forbidden" }; @@ -50,6 +52,9 @@ local item = items:get_child("item"); local id = item and item.attr.id; + if not node then + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); + end local ok, results = service:get_items(node, stanza.attr.from, id); if not ok then return origin.send(pubsub_error_reply(stanza, results)); @@ -72,6 +77,9 @@ function handlers.get_subscriptions(origin, stanza, subscriptions) local node = subscriptions.attr.node; + if not node then + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); + end local ok, ret = service:get_subscriptions(node, stanza.attr.from, stanza.attr.from); if not ok then return origin.send(pubsub_error_reply(stanza, ret)); @@ -113,6 +121,9 @@ function handlers.set_subscribe(origin, stanza, subscribe) local node, jid = subscribe.attr.node, subscribe.attr.jid; + if not (node and jid) then + return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid")); + end --[[ local options_tag, options = stanza.tags[1]:get_child("options"), nil; if options_tag then @@ -151,6 +162,9 @@ function handlers.set_unsubscribe(origin, stanza, unsubscribe) local node, jid = unsubscribe.attr.node, unsubscribe.attr.jid; + if not (node and jid) then + return origin.send(pubsub_error_reply(stanza, jid and "nodeid-required" or "invalid-jid")); + end local ok, ret = service:remove_subscription(node, stanza.attr.from, jid); local reply; if ok then @@ -163,6 +177,9 @@ function handlers.set_publish(origin, stanza, publish) local node = publish.attr.node; + if not node then + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); + end local item = publish:get_child("item"); local id = (item and item.attr.id) or uuid_generate(); local ok, ret = service:publish(node, stanza.attr.from, id, item); @@ -184,8 +201,7 @@ local item = retract:get_child("item"); local id = item and item.attr.id if not (node and id) then - origin.send(st.error_reply(stanza, "modify", "bad-request")); - return true; + return origin.send(pubsub_error_reply(stanza, node and "item-not-found" or "nodeid-required")); end local reply, notifier; if notify then @@ -205,8 +221,7 @@ notify = (notify == "1") or (notify == "true"); local reply; if not node then - origin.send(st.error_reply(stanza, "modify", "bad-request")); - return true; + return origin.send(pubsub_error_reply(stanza, "nodeid-required")); end local ok, ret = service:purge(node, stanza.attr.from, notify); if ok then
