25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-11-20 16:15:59 +01:00

mod_mam: Refuse filtering anon MUC queries by JID

Return an empty result set if a non-moderator attempts to filter by JID
while querying the archive of an anonymous MUC room.
This commit is contained in:
Holger Weiss 2017-09-24 02:05:50 +02:00
parent c378ea403e
commit 48f2adde98

View File

@ -863,8 +863,13 @@ select(_LServer, JidRequestor, JidArchive, Query, RSM,
{Msgs, true, L}
end;
select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType) ->
case might_expose_jid(JidRequestor, Query, MsgType) of
true ->
{[], true, 0};
false ->
Mod = gen_mod:db_mod(LServer, ?MODULE),
Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType).
Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType)
end.
msg_to_el(#archive_msg{timestamp = TS, packet = El, nick = Nick,
peer = Peer, id = ID},
@ -988,6 +993,24 @@ match_rsm(Now, #rsm_set{before = ID}) when is_binary(ID), ID /= <<"">> ->
match_rsm(_Now, _) ->
true.
might_expose_jid(JidRequestor, Query, {groupchat, Role,
#state{config = #config{anonymous = true}}})
when Role /= moderator ->
case proplists:get_value(with, Query) of
undefined ->
false;
With ->
case {jid:remove_resource(jid:tolower(With)),
jid:remove_resource(jid:tolower(JidRequestor))} of
{J, J} ->
false;
_ ->
true
end
end;
might_expose_jid(_JidRequestor, _Query, _MsgType) ->
false.
get_jids(undefined) ->
[];
get_jids(Js) ->