prosody
dab2a7a82170

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

10342:dab2a7a82170

MUC: Validate registration dataform more carefully
author Kim Alvefur <zash@zash.se>
date Sun, 20 Oct 2019 14:54:57 +0200
parents 10340:5c6912289ce3
children 10343:7651b80aaec3
files plugins/muc/register.lib.lua
diffstat 1 files changed, 13 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/plugins/muc/register.lib.lua	Tue Oct 15 23:38:29 2019 +0200
+++ b/plugins/muc/register.lib.lua	Sun Oct 20 14:54:57 2019 +0200
@@ -136,7 +136,19 @@
 			return true;
 		end
 		local form_tag = query:get_child("x", "jabber:x:data");
-		local reg_data = form_tag and registration_form:data(form_tag);
+		if not form_tag then
+			origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing dataform"));
+			return true;
+		end
+		local form_type, err = dataforms.get_type(form_tag);
+		if not form_type then
+			origin.send(st.error_reply(stanza, "modify", "bad-request", "Error with form: "..err));
+			return true;
+		elseif form_type ~= "http://jabber.org/protocol/muc#register" then
+			origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form"));
+			return true;
+		end
+		local reg_data = registration_form:data(form_tag);
 		if not reg_data then
 			origin.send(st.error_reply(stanza, "modify", "bad-request", "Error in form"));
 			return true;