Mercurial > libervia-backend

changeset 3532:ab72b8ac3bd2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
component file sharing: forbid jingle upload by entities which are not in allowed hosts
author Goffi <goffi@goffi.org>
date Wed, 05 May 2021 15:41:19 +0200
parents a8259a1f89b2
children 4b33ed5abd8f
files sat/plugins/plugin_comp_file_sharing.py
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/sat/plugins/plugin_comp_file_sharing.py	Wed May 05 15:37:33 2021 +0200
+++ b/sat/plugins/plugin_comp_file_sharing.py	Wed May 05 15:41:19 2021 +0200
@@ -508,6 +508,9 @@
         """This trigger accept file sending request, and store file locally"""
         if not client.is_component:
             return True, None
+        # client._file_sharing_allowed_hosts is set in plugin XEP-0329
+        if peer_jid.host not in client._file_sharing_allowed_hosts:
+            raise error.StanzaError("forbidden")
         assert stream_object
         assert "stream_object" not in transfer_data
         assert C.KEY_PROGRESS_ID in file_data