25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-30 16:36:29 +01:00

Don't allow room config to enable password protection with empty password (EJAB-1011)

SVN Revision: 2488
This commit is contained in:
Badlop 2009-08-15 20:11:24 +00:00
parent e585b07d76
commit 26cdea53c7

View File

@ -2696,7 +2696,9 @@ process_iq_owner(From, set, Lang, SubEl, StateData) ->
From)
andalso
is_allowed_room_name_desc_limits(XEl,
StateData) of
StateData)
andalso
is_password_settings_correct(XEl, StateData) of
true -> set_config(XEl, StateData);
false -> {error, 'not-acceptable'}
end;
@ -2795,6 +2797,44 @@ is_allowed_room_name_desc_limits(XEl, StateData) ->
end,
IsNameAccepted and IsDescAccepted.
%% Return false if:
%% "the password for a password-protected room is blank"
is_password_settings_correct(XEl, StateData) ->
Config = StateData#state.config,
OldProtected = Config#config.password_protected,
OldPassword = Config#config.password,
NewProtected =
case lists:keysearch("muc#roomconfig_passwordprotectedroom", 1,
jlib:parse_xdata_submit(XEl)) of
{value, {_, ["1"]}} ->
true;
{value, {_, ["0"]}} ->
false;
_ ->
undefined
end,
NewPassword =
case lists:keysearch("muc#roomconfig_roomsecret", 1,
jlib:parse_xdata_submit(XEl)) of
{value, {_, [P]}} ->
P;
_ ->
undefined
end,
case {OldProtected, NewProtected, OldPassword, NewPassword} of
{true, undefined, "", undefined} ->
false;
{true, undefined, _, ""} ->
false;
{_, true , "", undefined} ->
false;
{_, true, _, ""} ->
false;
_ ->
true
end.
-define(XFIELD(Type, Label, Var, Val),
#xmlel{name = 'field',
attrs = [?XMLATTR('type', Type),