mod_mam: Refuse filtering anon MUC queries by JID

Return an empty result set if a non-moderator attempts to filter by JID
while querying the archive of an anonymous MUC room.

1 files changed, 25 insertions, 2 deletions

diff --git a/src/mod_mam.erl b/src/mod_mam.erl
index 674cefc05..a4dc62b01 100644
--- a/src/mod_mam.erl
+++ b/src/mod_mam.erl
@@ -863,8 +863,13 @@ select(_LServer, JidRequestor, JidArchive, Query, RSM,
 	    {Msgs, true, L}
     end;
 select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType) ->
-    Mod = gen_mod:db_mod(LServer, ?MODULE),
-    Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType).
+    case might_expose_jid(JidRequestor, Query, MsgType) of
+	true ->
+	    {[], true, 0};
+	false ->
+	    Mod = gen_mod:db_mod(LServer, ?MODULE),
+	    Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType)
+    end.
 
 msg_to_el(#archive_msg{timestamp = TS, packet = El, nick = Nick,
 		       peer = Peer, id = ID},
@@ -988,6 +993,24 @@ match_rsm(Now, #rsm_set{before = ID}) when is_binary(ID), ID /= <<"">> ->
 match_rsm(_Now, _) ->
     true.
 
+might_expose_jid(JidRequestor, Query, {groupchat, Role,
+			 #state{config = #config{anonymous = true}}})
+  when Role /= moderator ->
+    case proplists:get_value(with, Query) of
+	undefined ->
+	    false;
+	With ->
+	    case {jid:remove_resource(jid:tolower(With)),
+		  jid:remove_resource(jid:tolower(JidRequestor))} of
+		{J, J} ->
+		    false;
+		_ ->
+		    true
+	    end
+    end;
+might_expose_jid(_JidRequestor, _Query, _MsgType) ->
+    false.
+
 get_jids(undefined) ->
     [];
 get_jids(Js) ->