Mercurial > prosody-modules
comparison mod_rest/mod_rest.lua @ 5086:dec4b2e31d1c
mod_rest: Do not allow replies to <iq type=result> from webhooks
Replying to a result stanza could cause loops, just as replying to an
error.
No stanza.name check here but it should be fine since no other kinds of
stanzas have type=result, and the boolean logic would most definitely be
wrong on the first attempt.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 27 Nov 2022 00:10:38 +0100 |
| parents | cb19cb1c03d6 |
| children | 438fbebf74ac |
comparison
equal
deleted
inserted
replaced
| 5085:e384b91d0aa7 | 5086:dec4b2e31d1c |
|---|---|
| 498 | 498 |
| 499 local code2err = require "net.http.errors".registry; | 499 local code2err = require "net.http.errors".registry; |
| 500 | 500 |
| 501 local function handle_stanza(event) | 501 local function handle_stanza(event) |
| 502 local stanza, origin = event.stanza, event.origin; | 502 local stanza, origin = event.stanza, event.origin; |
| 503 local reply_allowed = stanza.attr.type ~= "error"; | 503 local reply_allowed = stanza.attr.type ~= "error" and stanza.attr.type ~= "result"; |
| 504 local reply_needed = reply_allowed and stanza.name == "iq"; | 504 local reply_needed = reply_allowed and stanza.name == "iq"; |
| 505 local receipt; | 505 local receipt; |
| 506 | 506 |
| 507 if reply_allowed and stanza.name == "message" and stanza.attr.id and stanza:get_child("urn:xmpp:receipts", "request") then | 507 if reply_allowed and stanza.name == "message" and stanza.attr.id and stanza:get_child("urn:xmpp:receipts", "request") then |
| 508 reply_needed = true; | 508 reply_needed = true; |