changeset 3996:42682505e692

mod_cloud_notify: Forbid user from registering their own JID as their push server
author Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
date Mon, 27 Apr 2020 23:07:01 +0200
parents 4c9805f29f2d
children 0e72dd70afff
files mod_cloud_notify/mod_cloud_notify.lua
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_cloud_notify/mod_cloud_notify.lua	Thu Aug 15 09:26:02 2019 +0200
+++ b/mod_cloud_notify/mod_cloud_notify.lua	Mon Apr 27 23:07:01 2020 +0200
@@ -173,6 +173,11 @@
 		origin.send(st.error_reply(stanza, "modify", "bad-request", "Missing jid"));
 		return true;
 	end
+	if push_jid == stanza.attr.from then
+		origin.log("debug", "Push notification enable request 'jid' field identical to our own");
+		origin.send(st.error_reply(stanza, "modify", "bad-request", "JID must be different from ours"));
+		return true;
+	end
 	local publish_options = enable:get_child("x", "jabber:x:data");
 	if not publish_options then
 		-- Could be intentional