Mercurial > libervia-backend
comparison sat/plugins/plugin_comp_file_sharing.py @ 3532:ab72b8ac3bd2
component file sharing: forbid jingle upload by entities which are not in allowed hosts
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Wed, 05 May 2021 15:41:19 +0200 |
| parents | 849374e59178 |
| children | 888109774673 02e5e2385a30 |
comparison
equal
deleted
inserted
replaced
| 3531:a8259a1f89b2 | 3532:ab72b8ac3bd2 |
|---|---|
| 506 self, client, peer_jid, transfer_data, file_data, stream_object | 506 self, client, peer_jid, transfer_data, file_data, stream_object |
| 507 ): | 507 ): |
| 508 """This trigger accept file sending request, and store file locally""" | 508 """This trigger accept file sending request, and store file locally""" |
| 509 if not client.is_component: | 509 if not client.is_component: |
| 510 return True, None | 510 return True, None |
| 511 # client._file_sharing_allowed_hosts is set in plugin XEP-0329 | |
| 512 if peer_jid.host not in client._file_sharing_allowed_hosts: | |
| 513 raise error.StanzaError("forbidden") | |
| 511 assert stream_object | 514 assert stream_object |
| 512 assert "stream_object" not in transfer_data | 515 assert "stream_object" not in transfer_data |
| 513 assert C.KEY_PROGRESS_ID in file_data | 516 assert C.KEY_PROGRESS_ID in file_data |
| 514 filename = file_data["name"] | 517 filename = file_data["name"] |
| 515 assert filename and not "/" in filename | 518 assert filename and not "/" in filename |