# HG changeset patch
# User Jonas Wielicki <jo...@wielicki.name>
# Date 1526569885 -7200
# Thu May 17 17:11:25 2018 +0200
# Node ID 8f67316ef89824a53e1e9a527af798262b051e8a
# Parent b828db4432de0ab634b4d44dd8880a969727e3bc
MUC: reject non-bare JIDs in set_affiliation requests with not-acceptable
diff -r b828db4432de -r 8f67316ef898 plugins/muc/muc.lib.lua
--- a/plugins/muc/muc.lib.lua Thu May 17 17:11:00 2018 +0200
+++ b/plugins/muc/muc.lib.lua Thu May 17 17:11:25 2018 +0200
@@ -1076,6 +1076,9 @@
for jid, value in pairs(jid_affiliation) do
local affiliation = value["affiliation"];
+ if jid ~= jid_bare(jid) then
+ return false, "modify", "not-acceptable";
+ end
jid = jid_bare(jid);
if affiliation == "none" then affiliation = nil; end
if affiliation and affiliation ~= "outcast" and affiliation ~=
"owner" and affiliation ~= "admin" and affiliation ~= "member" then
--
You received this message because you are subscribed to the Google Groups
"prosody-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to prosody-dev+unsubscr...@googlegroups.com.
To post to this group, send email to prosody-dev@googlegroups.com.
Visit this group at https://groups.google.com/group/prosody-dev.
For more options, visit https://groups.google.com/d/optout.
