mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-26 16:26:24 +01:00
Before forwarding last activity requests to a user, check that the user's presence is visible for From
According to XEP-0012, 4. Online User Query, "if the requesting entity is not authorized to view the user's presence information (normally via a presence subscription as defined in XMPP IM), the user's server MUST NOT deliver the IQ-get to an available resource but instead MUST return a <forbidden/> error in response to the last activity request." So check for a subscription of from of the jid and bare jid and whether outgoing presences to From are allowed. Fixes problem 3 of EJAB-1158.
This commit is contained in:
parent
860d8525ee
commit
7d93cad452
@ -1291,6 +1291,25 @@ handle_info({route, From, To, Packet}, StateName, StateData) ->
|
||||
case exmpp_iq:is_request(Packet) of
|
||||
true ->
|
||||
case exmpp_iq:get_request(Packet) of
|
||||
#xmlel{ns = ?NS_LAST_ACTIVITY} ->
|
||||
LFrom = jlib:short_prepd_jid(From),
|
||||
LBFrom = jlib:short_prepd_bare_jid(From),
|
||||
DummyPresence = exmpp_presence:presence(available, ""),
|
||||
HasFromSub = (?SETS:is_element(LFrom, StateData#state.pres_f) orelse ?SETS:is_element(LBFrom, StateData#state.pres_f))
|
||||
andalso is_privacy_allow(StateData, To, From, DummyPresence, out),
|
||||
case HasFromSub of
|
||||
true ->
|
||||
case privacy_check_packet(StateData, From, To, Packet, in) of
|
||||
allow ->
|
||||
{true, Attrs, StateData};
|
||||
deny ->
|
||||
{false, Attrs, StateData}
|
||||
end;
|
||||
_ ->
|
||||
Err = exmpp_server_session:error(Packet, 'forbidden'),
|
||||
send_element(StateData, Err),
|
||||
{false, Attrs, StateData}
|
||||
end;
|
||||
_ ->
|
||||
case privacy_check_packet(StateData, From, To, Packet, in) of
|
||||
allow ->
|
||||
|
Loading…
Reference in New Issue
Block a user