Mercurial > prosody-modules
view mod_muc_bot/mod_muc_bot.lua @ 4651:8231774f5bfd
mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
The `body:sub()` call risks splitting the string in the middle of a
multi-byte UTF-8 sequence. This should have been caught by util.stanza
validation, but that would have caused some havoc, at the very least causing
the notification to not be sent.
There have been no reports of this happening. Likely because this module
isn't widely deployed among users with languages that use many longer UTF-8
sequences.
The util.encodings.utf8.valid() function is O(n) where only the last
sequence really needs to be checked, but it's in C and expected to be fast.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 22 Aug 2021 13:22:59 +0200 |
| parents | bcf4518d18d4 |
| children | 205b9d06fe6b |
line wrap: on
line source
local st = require "util.stanza"; local jid = require "util.jid"; local bots = module:get_option_set("known_bots", {}); module:hook("muc-occupant-groupchat", function(event) if event.occupant then return end -- skip messages from actual occupants local room = event.room; if bots:contains(jid.bare(event.from)) or bots:contains(jid.host(event.from)) then local nick = room:get_registered_nick(jid); if not nick then -- Allow bot to specify its own nick, but we're appending '[bot]' to it. -- FIXME HATS!!! nick = event.stanza:get_child_text("nick", "http://jabber.org/protocol/nick"); nick = (nick or jid.bare(event.from)) .. "[bot]"; end local virtual_occupant_jid = jid.prep(room.jid .. "/" .. nick, true); if not virtual_occupant_jid then module:send(st.error_reply(event.stanza, "modify", "jid-malformed", "Nickname must pass strict validation", room.jid)); return true; end local occupant = room:new_occupant(module.host, virtual_occupant_jid); local join = st.presence({from = event.from; to = virtual_occupant_jid}); local dest_x = st.stanza("x", {xmlns = "http://jabber.org/protocol/muc#user"}); occupant:set_session(event.from, join, true); room:save_occupant(occupant); room:publicise_occupant_status(occupant, dest_x); -- Inject virtual occupant to trick all the other hooks on this event that -- this is an actual legitimate participant. event.occupant = occupant; end end, 66); module:hook("muc-occupant-pre-join", function(event) local room = event.room; local nick = jid.resource(event.occupant.nick); if nick:sub(-5, -1) == "[bot]" then event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", "Only known bots may use the [bot] suffix", room.jid)); return true; end end, 3); module:hook("muc-occupant-pre-change", function(event) local room = event.room; local nick = jid.resource(event.dest_occupant.nick); if nick:sub(-5, -1) == "[bot]" then event.origin.send(st.error_reply(event.stanza, "modify", "policy-violation", "Only known bots may use the [bot] suffix", room.jid)); return true; end end, 3); if not module:get_option_boolean("bots_get_messages", true) then module:hook("muc-broadcast-message", function (event) event.room:broadcast(event.stanza, function (nick, occupant) if nick:sub(-5, -1) == "[bot]" or bots:contains(occupant.bare_jid) or bots:contains(jid.host(occupant.bare_jid)) then return false; else return true; end end); return true; end, -100); end if module:get_option_boolean("ignore_bot_errors", true) then module:hook("message/full", function (event) local stanza = event.stanza; if stanza.attr.type == "error" then if bots:contains(jid.bare(stanza.attr.from)) or bots:contains(jid.host(stanza.attr.from)) then module:log("debug", "Ignoring error from known bot"); return true; end end end, 1); end assert(string.sub("foo[bot]", -5, -1) == "[bot]", "substring indicies, how do they work?");