# HG changeset patch # User Goffi # Date 1620222079 -7200 # Node ID ab72b8ac3bd29e6bdf1c288c8b4844f96f0c0f77 # Parent a8259a1f89b2a0e5d6223229199c67d8d1847f8f component file sharing: forbid jingle upload by entities which are not in allowed hosts diff -r a8259a1f89b2 -r ab72b8ac3bd2 sat/plugins/plugin_comp_file_sharing.py --- a/sat/plugins/plugin_comp_file_sharing.py Wed May 05 15:37:33 2021 +0200 +++ b/sat/plugins/plugin_comp_file_sharing.py Wed May 05 15:41:19 2021 +0200 @@ -508,6 +508,9 @@ """This trigger accept file sending request, and store file locally""" if not client.is_component: return True, None + # client._file_sharing_allowed_hosts is set in plugin XEP-0329 + if peer_jid.host not in client._file_sharing_allowed_hosts: + raise error.StanzaError("forbidden") assert stream_object assert "stream_object" not in transfer_data assert C.KEY_PROGRESS_ID in file_data