diff options
author | Holger Weiss <holger@zedat.fu-berlin.de> | 2017-09-24 02:05:50 +0200 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2017-09-24 02:05:50 +0200 |
commit | 48f2adde98dca7c7822dc5a35c3a7f61bc560933 (patch) | |
tree | d3dd3b6ac1038f979752a6827b510a2e43605402 /src | |
parent | Add script to extract translation strings (diff) |
mod_mam: Refuse filtering anon MUC queries by JID
Return an empty result set if a non-moderator attempts to filter by JID
while querying the archive of an anonymous MUC room.
Diffstat (limited to 'src')
-rw-r--r-- | src/mod_mam.erl | 27 |
1 files changed, 25 insertions, 2 deletions
diff --git a/src/mod_mam.erl b/src/mod_mam.erl index 674cefc05..a4dc62b01 100644 --- a/src/mod_mam.erl +++ b/src/mod_mam.erl @@ -863,8 +863,13 @@ select(_LServer, JidRequestor, JidArchive, Query, RSM, {Msgs, true, L} end; select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType) -> - Mod = gen_mod:db_mod(LServer, ?MODULE), - Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType). + case might_expose_jid(JidRequestor, Query, MsgType) of + true -> + {[], true, 0}; + false -> + Mod = gen_mod:db_mod(LServer, ?MODULE), + Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType) + end. msg_to_el(#archive_msg{timestamp = TS, packet = El, nick = Nick, peer = Peer, id = ID}, @@ -988,6 +993,24 @@ match_rsm(Now, #rsm_set{before = ID}) when is_binary(ID), ID /= <<"">> -> match_rsm(_Now, _) -> true. +might_expose_jid(JidRequestor, Query, {groupchat, Role, + #state{config = #config{anonymous = true}}}) + when Role /= moderator -> + case proplists:get_value(with, Query) of + undefined -> + false; + With -> + case {jid:remove_resource(jid:tolower(With)), + jid:remove_resource(jid:tolower(JidRequestor))} of + {J, J} -> + false; + _ -> + true + end + end; +might_expose_jid(_JidRequestor, _Query, _MsgType) -> + false. + get_jids(undefined) -> []; get_jids(Js) -> |