mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-20 16:15:59 +01:00
mod_mam: Refuse filtering anon MUC queries by JID
Return an empty result set if a non-moderator attempts to filter by JID while querying the archive of an anonymous MUC room.
This commit is contained in:
parent
c378ea403e
commit
48f2adde98
@ -863,8 +863,13 @@ select(_LServer, JidRequestor, JidArchive, Query, RSM,
|
||||
{Msgs, true, L}
|
||||
end;
|
||||
select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType) ->
|
||||
case might_expose_jid(JidRequestor, Query, MsgType) of
|
||||
true ->
|
||||
{[], true, 0};
|
||||
false ->
|
||||
Mod = gen_mod:db_mod(LServer, ?MODULE),
|
||||
Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType).
|
||||
Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType)
|
||||
end.
|
||||
|
||||
msg_to_el(#archive_msg{timestamp = TS, packet = El, nick = Nick,
|
||||
peer = Peer, id = ID},
|
||||
@ -988,6 +993,24 @@ match_rsm(Now, #rsm_set{before = ID}) when is_binary(ID), ID /= <<"">> ->
|
||||
match_rsm(_Now, _) ->
|
||||
true.
|
||||
|
||||
might_expose_jid(JidRequestor, Query, {groupchat, Role,
|
||||
#state{config = #config{anonymous = true}}})
|
||||
when Role /= moderator ->
|
||||
case proplists:get_value(with, Query) of
|
||||
undefined ->
|
||||
false;
|
||||
With ->
|
||||
case {jid:remove_resource(jid:tolower(With)),
|
||||
jid:remove_resource(jid:tolower(JidRequestor))} of
|
||||
{J, J} ->
|
||||
false;
|
||||
_ ->
|
||||
true
|
||||
end
|
||||
end;
|
||||
might_expose_jid(_JidRequestor, _Query, _MsgType) ->
|
||||
false.
|
||||
|
||||
get_jids(undefined) ->
|
||||
[];
|
||||
get_jids(Js) ->
|
||||
|
Loading…
Reference in New Issue
Block a user