From 2c48515e7c708fbe75b6dca765ff50dcd721551c Mon Sep 17 00:00:00 2001 From: Christophe Romain Date: Mon, 12 Oct 2009 09:59:36 +0000 Subject: [PATCH] return invalid-options on badly formed subscription options SVN Revision: 2656 --- src/mod_pubsub/mod_pubsub.erl | 29 ++++++++---- src/mod_pubsub/mod_pubsub_odbc.erl | 29 ++++++++---- src/mod_pubsub/pubsub_odbc.patch | 71 ++++++++++++++++-------------- 3 files changed, 77 insertions(+), 52 deletions(-) diff --git a/src/mod_pubsub/mod_pubsub.erl b/src/mod_pubsub/mod_pubsub.erl index d68edcaa2..205a3fd11 100644 --- a/src/mod_pubsub/mod_pubsub.erl +++ b/src/mod_pubsub/mod_pubsub.erl @@ -1361,7 +1361,7 @@ adhoc_request(Host, _ServerHost, Owner, {value, {_, Node}} -> send_pending_auth_events(Host, Node, Owner); false -> - {error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "bad-payload")} + {error, extended_error(?ERR_BAD_REQUEST, "bad-payload")} end; Error -> Error @@ -1835,7 +1835,10 @@ delete_node(Host, Node, Owner) -> %%
  • The node does not exist.
    • %% subscribe_node(Host, Node, From, JID, Configuration) -> - {result, SubOpts} = pubsub_subscription:parse_options_xform(Configuration), + SubOpts = case pubsub_subscription:parse_options_xform(Configuration) of + {result, GoodSubOpts} -> GoodSubOpts; + _ -> invalid + end, Subscriber = case jlib:string_to_jid(JID) of error -> {"", "", ""}; J -> jlib:jid_tolower(J) @@ -1874,6 +1877,9 @@ subscribe_node(Host, Node, From, JID, Configuration) -> HasOptions andalso not OptionsFeature -> %% Node does not support subscription options {error, extended_error(?ERR_FEATURE_NOT_IMPLEMENTED, unsupported, "subscription-options")}; + SubOpts == invalid -> + %% Passed invalit options submit form + {error, extended_error(?ERR_BAD_REQUEST, "invalid-options")}; true -> node_call(Type, subscribe_node, [NodeId, From, Subscriber, @@ -2472,11 +2478,11 @@ get_options_helper(JID, Lang, Node, NodeID, SubID, Type) -> end, [], Subs), case {SubID, SubIDs} of {_, []} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; {[], [SID]} -> read_sub(Subscriber, Node, NodeID, SID, Lang); {[], _} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "subid-required")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "subid-required")}; {_, _} -> read_sub(Subscriber, Node, NodeID, SubID, Lang) end. @@ -2484,7 +2490,7 @@ get_options_helper(JID, Lang, Node, NodeID, SubID, Type) -> read_sub(Subscriber, Node, NodeID, SubID, Lang) -> case pubsub_subscription:get_subscription(Subscriber, NodeID, SubID) of {error, notfound} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; {result, #pubsub_subscription{options = Options}} -> {result, XdataEl} = pubsub_subscription:get_options_xform(Lang, Options), OptionsEl = {xmlelement, "options", [{"node", node_to_string(Node)}, @@ -2513,11 +2519,14 @@ set_options(Host, Node, JID, SubID, Configuration) -> end. set_options_helper(Configuration, JID, NodeID, SubID, Type) -> + SubOpts = case pubsub_subscription:parse_options_xform(Configuration) of + {result, GoodSubOpts} -> GoodSubOpts; + _ -> invalid + end, Subscriber = case jlib:string_to_jid(JID) of error -> {"", "", ""}; J -> jlib:jid_tolower(J) end, - {result, SubOpts} = pubsub_subscription:parse_options_xform(Configuration), {result, Subs} = node_call(Type, get_subscriptions, [NodeID, Subscriber]), SubIDs = lists:foldl(fun({subscribed, SID}, Acc) -> @@ -2527,19 +2536,21 @@ set_options_helper(Configuration, JID, NodeID, SubID, Type) -> end, [], Subs), case {SubID, SubIDs} of {_, []} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; {[], [SID]} -> write_sub(Subscriber, NodeID, SID, SubOpts); {[], _} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "subid-required")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "subid-required")}; {_, _} -> write_sub(Subscriber, NodeID, SubID, SubOpts) end. +write_sub(_Subscriber, _NodeID, _SubID, invalid) -> + {error, extended_error(?ERR_BAD_REQUEST, "invalid-options")}; write_sub(Subscriber, NodeID, SubID, Options) -> case pubsub_subscription:set_subscription(Subscriber, NodeID, SubID, Options) of {error, notfound} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; {result, _} -> {result, []} end. diff --git a/src/mod_pubsub/mod_pubsub_odbc.erl b/src/mod_pubsub/mod_pubsub_odbc.erl index 4d2fee285..cd6933015 100644 --- a/src/mod_pubsub/mod_pubsub_odbc.erl +++ b/src/mod_pubsub/mod_pubsub_odbc.erl @@ -1191,7 +1191,7 @@ adhoc_request(Host, _ServerHost, Owner, {value, {_, Node}} -> send_pending_auth_events(Host, Node, Owner); false -> - {error, ?ERR_EXTENDED(?ERR_BAD_REQUEST, "bad-payload")} + {error, extended_error(?ERR_BAD_REQUEST, "bad-payload")} end; Error -> Error @@ -1666,7 +1666,10 @@ delete_node(Host, Node, Owner) -> %%
  • The node does not exist.
    • %% subscribe_node(Host, Node, From, JID, Configuration) -> - {result, SubOpts} = pubsub_subscription_odbc:parse_options_xform(Configuration), + SubOpts = case pubsub_subscription_odbc:parse_options_xform(Configuration) of + {result, GoodSubOpts} -> GoodSubOpts; + _ -> invalid + end, Subscriber = case jlib:string_to_jid(JID) of error -> {"", "", ""}; J -> jlib:jid_tolower(J) @@ -1709,6 +1712,9 @@ subscribe_node(Host, Node, From, JID, Configuration) -> HasOptions andalso not OptionsFeature -> %% Node does not support subscription options {error, extended_error(?ERR_FEATURE_NOT_IMPLEMENTED, unsupported, "subscription-options")}; + SubOpts == invalid -> + %% Passed invalit options submit form + {error, extended_error(?ERR_BAD_REQUEST, "invalid-options")}; true -> node_call(Type, subscribe_node, [NodeId, From, Subscriber, @@ -2302,11 +2308,11 @@ get_options_helper(JID, Lang, Node, NodeID, SubID, Type) -> end, [], Subs), case {SubID, SubIDs} of {_, []} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; {[], [SID]} -> read_sub(Subscriber, Node, NodeID, SID, Lang); {[], _} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "subid-required")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "subid-required")}; {_, _} -> read_sub(Subscriber, Node, NodeID, SubID, Lang) end. @@ -2314,7 +2320,7 @@ get_options_helper(JID, Lang, Node, NodeID, SubID, Type) -> read_sub(Subscriber, Node, NodeID, SubID, Lang) -> case pubsub_subscription_odbc:get_subscription(Subscriber, NodeID, SubID) of {error, notfound} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; {result, #pubsub_subscription{options = Options}} -> {result, XdataEl} = pubsub_subscription_odbc:get_options_xform(Lang, Options), OptionsEl = {xmlelement, "options", [{"node", node_to_string(Node)}, @@ -2343,11 +2349,14 @@ set_options(Host, Node, JID, SubID, Configuration) -> end. set_options_helper(Configuration, JID, NodeID, SubID, Type) -> + SubOpts = case pubsub_subscription_odbc:parse_options_xform(Configuration) of + {result, GoodSubOpts} -> GoodSubOpts; + _ -> invalid + end, Subscriber = case jlib:string_to_jid(JID) of error -> {"", "", ""}; J -> jlib:jid_tolower(J) end, - {result, SubOpts} = pubsub_subscription_odbc:parse_options_xform(Configuration), {result, Subs} = node_call(Type, get_subscriptions, [NodeID, Subscriber]), SubIDs = lists:foldl(fun({subscribed, SID}, Acc) -> @@ -2357,19 +2366,21 @@ set_options_helper(Configuration, JID, NodeID, SubID, Type) -> end, [], Subs), case {SubID, SubIDs} of {_, []} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "not-subscribed")}; {[], [SID]} -> write_sub(Subscriber, NodeID, SID, SubOpts); {[], _} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "subid-required")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "subid-required")}; {_, _} -> write_sub(Subscriber, NodeID, SubID, SubOpts) end. +write_sub(_Subscriber, _NodeID, _SubID, invalid) -> + {error, extended_error(?ERR_BAD_REQUEST, "invalid-options")}; write_sub(Subscriber, NodeID, SubID, Options) -> case pubsub_subscription_odbc:set_subscription(Subscriber, NodeID, SubID, Options) of {error, notfound} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; {result, _} -> {result, []} end. diff --git a/src/mod_pubsub/pubsub_odbc.patch b/src/mod_pubsub/pubsub_odbc.patch index 58401a956..80108a270 100644 --- a/src/mod_pubsub/pubsub_odbc.patch +++ b/src/mod_pubsub/pubsub_odbc.patch @@ -1,5 +1,5 @@ ---- mod_pubsub.erl 2009-10-12 11:03:50.000000000 +0200 -+++ mod_pubsub_odbc.erl 2009-10-12 11:04:09.000000000 +0200 +--- mod_pubsub.erl 2009-10-12 11:57:04.000000000 +0200 ++++ mod_pubsub_odbc.erl 2009-10-12 11:57:19.000000000 +0200 @@ -45,7 +45,7 @@ %%% TODO %%% plugin: generate Reply (do not use broadcast atom anymore) @@ -416,13 +416,16 @@ {result, {Result, broadcast}} -> %%Lang = "en", %% TODO: fix %%OwnerKey = jlib:jid_tolower(jlib:jid_remove_resource(Owner)), -@@ -1835,12 +1666,12 @@ +@@ -1835,7 +1666,7 @@ %%
  • The node does not exist.
    • %% subscribe_node(Host, Node, From, JID, Configuration) -> -- {result, SubOpts} = pubsub_subscription:parse_options_xform(Configuration), -+ {result, SubOpts} = pubsub_subscription_odbc:parse_options_xform(Configuration), - Subscriber = case jlib:string_to_jid(JID) of +- SubOpts = case pubsub_subscription:parse_options_xform(Configuration) of ++ SubOpts = case pubsub_subscription_odbc:parse_options_xform(Configuration) of + {result, GoodSubOpts} -> GoodSubOpts; + _ -> invalid + end, +@@ -1843,7 +1674,7 @@ error -> {"", "", ""}; J -> jlib:jid_tolower(J) end, @@ -431,7 +434,7 @@ Features = features(Type), SubscribeFeature = lists:member("subscribe", Features), OptionsFeature = lists:member("subscription-options", Features), -@@ -1859,9 +1690,13 @@ +@@ -1862,9 +1693,13 @@ {"", "", ""} -> {false, false}; _ -> @@ -448,7 +451,7 @@ end end, if -@@ -2184,7 +2019,7 @@ +@@ -2190,7 +2025,7 @@ %%

    The permission are not checked in this function.

    %% @todo We probably need to check that the user doing the query has the right %% to read the items. @@ -457,7 +460,7 @@ MaxItems = if SMaxItems == "" -> get_max_items_node(Host); -@@ -2223,11 +2058,11 @@ +@@ -2229,11 +2064,11 @@ node_call(Type, get_items, [NodeId, From, AccessModel, PresenceSubscription, RosterGroup, @@ -471,7 +474,7 @@ SendItems = case ItemIDs of [] -> Items; -@@ -2240,7 +2075,8 @@ +@@ -2246,7 +2081,8 @@ %% number of items sent to MaxItems: {result, [{xmlelement, "pubsub", [{"xmlns", ?NS_PUBSUB}], [{xmlelement, "items", nodeAttr(Node), @@ -481,7 +484,7 @@ Error -> Error end -@@ -2272,16 +2108,27 @@ +@@ -2278,16 +2114,27 @@ %% @doc

    Resend the items of a node to the user.

    %% @todo use cache-last-item feature send_items(Host, Node, NodeId, Type, LJID, last) -> @@ -515,7 +518,7 @@ send_items(Host, Node, NodeId, Type, LJID, Number) -> ToSend = case node_action(Host, Type, get_items, [NodeId, LJID]) of {result, []} -> -@@ -2407,29 +2254,12 @@ +@@ -2413,29 +2260,12 @@ error -> {error, ?ERR_BAD_REQUEST}; _ -> @@ -548,39 +551,39 @@ end, Entities), {result, []}; _ -> -@@ -2482,11 +2312,11 @@ +@@ -2488,11 +2318,11 @@ end. read_sub(Subscriber, Node, NodeID, SubID, Lang) -> - case pubsub_subscription:get_subscription(Subscriber, NodeID, SubID) of + case pubsub_subscription_odbc:get_subscription(Subscriber, NodeID, SubID) of {error, notfound} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; {result, #pubsub_subscription{options = Options}} -> - {result, XdataEl} = pubsub_subscription:get_options_xform(Lang, Options), + {result, XdataEl} = pubsub_subscription_odbc:get_options_xform(Lang, Options), OptionsEl = {xmlelement, "options", [{"node", node_to_string(Node)}, {"jid", jlib:jid_to_string(Subscriber)}, {"subid", SubID}], -@@ -2517,7 +2347,7 @@ - error -> {"", "", ""}; - J -> jlib:jid_tolower(J) - end, -- {result, SubOpts} = pubsub_subscription:parse_options_xform(Configuration), -+ {result, SubOpts} = pubsub_subscription_odbc:parse_options_xform(Configuration), - {result, Subs} = node_call(Type, get_subscriptions, - [NodeID, Subscriber]), - SubIDs = lists:foldl(fun({subscribed, SID}, Acc) -> -@@ -2537,7 +2367,7 @@ +@@ -2519,7 +2349,7 @@ end. + set_options_helper(Configuration, JID, NodeID, SubID, Type) -> +- SubOpts = case pubsub_subscription:parse_options_xform(Configuration) of ++ SubOpts = case pubsub_subscription_odbc:parse_options_xform(Configuration) of + {result, GoodSubOpts} -> GoodSubOpts; + _ -> invalid + end, +@@ -2548,7 +2378,7 @@ + write_sub(_Subscriber, _NodeID, _SubID, invalid) -> + {error, extended_error(?ERR_BAD_REQUEST, "invalid-options")}; write_sub(Subscriber, NodeID, SubID, Options) -> - case pubsub_subscription:set_subscription(Subscriber, NodeID, SubID, Options) of + case pubsub_subscription_odbc:set_subscription(Subscriber, NodeID, SubID, Options) of {error, notfound} -> - {error, ?ERR_EXTENDED(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; + {error, extended_error(?ERR_NOT_ACCEPTABLE, "invalid-subid")}; {result, _} -> -@@ -2705,8 +2535,8 @@ +@@ -2716,8 +2546,8 @@ {"subscription", subscription_to_string(Sub)} | nodeAttr(Node)], []}]}]}, ejabberd_router ! {route, service_jid(Host), jlib:make_jid(JID), Stanza} end, @@ -591,7 +594,7 @@ true -> Result = lists:foldl(fun({JID, Subscription, SubId}, Acc) -> -@@ -2996,7 +2826,7 @@ +@@ -3007,7 +2837,7 @@ {Depth, [{N, get_node_subs(N)} || N <- Nodes]} end, tree_call(Host, get_parentnodes_tree, [Host, Node, service_jid(Host)]))} end, @@ -600,7 +603,7 @@ {result, CollSubs} -> CollSubs; _ -> [] end. -@@ -3010,9 +2840,9 @@ +@@ -3021,9 +2851,9 @@ get_options_for_subs(NodeID, Subs) -> lists:foldl(fun({JID, subscribed, SubID}, Acc) -> @@ -612,7 +615,7 @@ _ -> Acc end; (_, Acc) -> -@@ -3210,6 +3040,30 @@ +@@ -3221,6 +3051,30 @@ Result end. @@ -643,7 +646,7 @@ %% @spec (Host, Options) -> MaxItems %% Host = host() %% Options = [Option] -@@ -3596,7 +3450,13 @@ +@@ -3607,7 +3461,13 @@ tree_action(Host, Function, Args) -> ?DEBUG("tree_action ~p ~p ~p",[Host,Function,Args]), Fun = fun() -> tree_call(Host, Function, Args) end, @@ -658,7 +661,7 @@ %% @doc

    node plugin call.

    node_call(Type, Function, Args) -> -@@ -3616,13 +3476,13 @@ +@@ -3627,13 +3487,13 @@ node_action(Host, Type, Function, Args) -> ?DEBUG("node_action ~p ~p ~p ~p",[Host,Type,Function,Args]), @@ -674,7 +677,7 @@ case tree_call(Host, get_node, [Host, Node]) of N when is_record(N, pubsub_node) -> case Action(N) of -@@ -3635,8 +3495,14 @@ +@@ -3646,8 +3506,14 @@ end end, Trans). @@ -691,7 +694,7 @@ {result, Result} -> {result, Result}; {error, Error} -> {error, Error}; {atomic, {result, Result}} -> {result, Result}; -@@ -3644,6 +3510,15 @@ +@@ -3655,6 +3521,15 @@ {aborted, Reason} -> ?ERROR_MSG("transaction return internal error: ~p~n", [{aborted, Reason}]), {error, ?ERR_INTERNAL_SERVER_ERROR}; @@ -707,7 +710,7 @@ {'EXIT', Reason} -> ?ERROR_MSG("transaction return internal error: ~p~n", [{'EXIT', Reason}]), {error, ?ERR_INTERNAL_SERVER_ERROR}; -@@ -3652,6 +3527,17 @@ +@@ -3663,6 +3538,17 @@ {error, ?ERR_INTERNAL_SERVER_ERROR} end.