Mercurial > libervia-backend

comparison src/plugins/plugin_misc_groupblog.py @ 532:db4ae4d18f09

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugin group blog: security check + fixed publisher in personalEvent signal
author Goffi <goffi@goffi.org>
date Sun, 28 Oct 2012 18:27:37 +0100
parents c18e0e108925
children 07f369ed3988
comparison
equal deleted inserted replaced
531:3bd8f84f920d 532:db4ae4d18f09
17 17
18 You should have received a copy of the GNU Affero General Public License 18 You should have received a copy of the GNU Affero General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>. 19 along with this program. If not, see <http://www.gnu.org/licenses/>.
20 """ 20 """
21 21
22 from logging import debug, info, error 22 from logging import debug, info, warning, error
23 from twisted.internet import defer 23 from twisted.internet import defer
24 from twisted.words.protocols.jabber import jid 24 from twisted.words.protocols.jabber import jid
25 25
26 from wokkel import disco, data_form, iwokkel 26 from wokkel import disco, data_form, iwokkel
27 27
149 defer.returnValue((profile, client)) 149 defer.returnValue((profile, client))
150 150
151 def pubSubItemsReceivedTrigger(self, event, profile): 151 def pubSubItemsReceivedTrigger(self, event, profile):
152 """"Trigger which catch groupblogs events""" 152 """"Trigger which catch groupblogs events"""
153 if event.nodeIdentifier.startswith(NS_NODE_PREFIX): 153 if event.nodeIdentifier.startswith(NS_NODE_PREFIX):
154 publisher = jid.JID(event.nodeIdentifier[len(NS_NODE_PREFIX):])
155 origin_host = publisher.host.split('.')
156 event_host = event.sender.host.split('.')
157 #FIXME: basic origin check, must be improved
158 if (not (origin_host)
159 or len(event_host) < len(origin_host)
160 or event_host[-len(origin_host):] != origin_host):
161 warning("Host incoherence between %s and %s (hack attempt ?)" % (unicode(event.sender),
162 unicode(publisher)))
163 return
154 for item in event.items: 164 for item in event.items:
155 microblog_data = self.host.plugins["XEP-0277"].item2mbdata(item) 165 microblog_data = self.host.plugins["XEP-0277"].item2mbdata(item)
156 self.host.bridge.personalEvent(event.sender.full(), "MICROBLOG", microblog_data, profile) 166 self.host.bridge.personalEvent(publisher.full(), "MICROBLOG", microblog_data, profile)
157 return False 167 return False
158 return True 168 return True
159 169
160 170
161 171