view mod_filter_words/mod_filter_words.lua @ 5404:1087f697c3f3

mod_http_oauth2: Strip unknown extra fields from client registration We shouldn't sign things we don't understand! RFC 7591 section-2 states: > The authorization server MUST ignore any client metadata sent by the > client that it does not understand (for instance, by silently removing > unknown metadata from the client's registration record during > processing). Prevents grandfathering in of unvalidated data that might become used later, especially since the 'additionalProperties' schema keyword was removed in 698fef74ce53
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:23:40 +0200
parents 677fc0203da0
children
line wrap: on
line source

local filters = require "util.filters";

local replacements = module:get_option("filter_words", {});

if not replacements then
	module:log("warn", "No 'filter_words' option set, filters inactive");
	return
end

function filter_stanza(stanza)
	if stanza.name == "message" then
		local body = stanza:get_child("body");
		if body then
			body[1] = body[1]:gsub("%a+", replacements);
		end
	end
	return stanza;
end

function filter_session(session)
	filters.add_filter(session, "stanzas/in", filter_stanza);
end

function module.load()
	if module.reloading then
		module:log("warn", "RELOADING!!!");
	end
	filters.add_filter_hook(filter_session);
end

function module.unload()
	filters.remove_filter_hook(filter_session);	
end