
github.com/jappix/jappix.git - Unnamed repository; edit this file 'description' to name the repository.
authorValérian Saliou <valerian@valeriansaliou.name>2014-02-05 23:13:44 +0400
committerValérian Saliou <valerian@valeriansaliou.name>2014-02-05 23:13:44 +0400
commitaba04db448b8596990bdc09e9992525841d8302f (patch)
tree59168cbcccaf91a2d5b78654171e2a6f25ee733b
parent3e666797f78da7739816b601673e7c07aac54310 (diff)
Add IQ push filter for roster push and so for #412
-rw-r--r--app/javascripts/common.js29
-rw-r--r--app/javascripts/iq.js4
2 files changed, 29 insertions, 4 deletions
diff --git a/app/javascripts/common.js b/app/javascripts/common.js
index 85d95a4f..e8254b71 100644
--- a/app/javascripts/common.js
+++ b/app/javascripts/common.js
@@ -360,8 +360,9 @@ var Common = (function () {
xid = self.cutResource(xid);
// Launch nodeprep
- if(xid.indexOf('@') != -1)
+ if(xid.indexOf('@') != -1) {
xid = self.nodeprep(self.getXIDNick(xid)) + '@' + self.getXIDHost(xid);
+ }
return xid;
} catch(e) {
@@ -572,8 +573,9 @@ var Common = (function () {
var from = stanza.getFrom();
// No from, we assume this is our XID
- if(!from)
+ if(!from) {
from = self.getXID();
+ }
return from;
} catch(e) {
@@ -584,6 +586,29 @@ var Common = (function () {
/**
+ * Returns whether the stanza has been really sent from our own server or entity
+ * @public
+ * @param {object} stanza
+ * @return {string}
+ */
+ self.isSafeStanza = function(stanza) {
+
+ var is_safe = false;
+
+ try {
+ var from = self.getStanzaFrom(stanza);
+
+ is_safe = (!from || from == con.domain || from == self.getXID()) && true;
+ } catch(e) {
+ Console.error('Common.isSafeStanza', e);
+ } finally {
+ return is_safe;
+ }
+
+ };
+
+
+ /**
* Adds a zero to a date when needed
* @public
* @param {number} i
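Review bot: The `!from` term in `isSafeStanza` makes the check fail open. `getStanzaFrom` (second hunk of this file) already substitutes our own XID when the stanza has no `from`, so `!from` can only be true when that helper returned nothing, presumably on its `catch` path, whose body is outside the hunk; a stanza whose sender could not be read should be treated as untrusted. I would drop that term together with the redundant `&& true`: `is_safe = (from === con.domain || from === self.getXID());`. The comparison is an exact string match, so a comment saying whether `from` is expected as a bare or a full JID would help, and the docblock should say `@return {boolean}` instead of `{string}`.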
diff --git a/app/javascripts/iq.js b/app/javascripts/iq.js
index 844ac98a..2a3f35b2 100644
--- a/app/javascripts/iq.js
+++ b/app/javascripts/iq.js
@@ -109,7 +109,7 @@ var IQ = (function () {
}
// Privacy lists push
- else if((iqQueryXMLNS == NS_PRIVACY) && (iqType == 'set')) {
+ else if((iqQueryXMLNS == NS_PRIVACY) && (iqType == 'set') && Common.isSafeStanza(iq)) {
// REF : http://xmpp.org/extensions/xep-0016.html
// Roster push
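Review bot: A push that fails `Common.isSafeStanza(iq)` is not dropped here; it falls through to the rest of the `else if` chain, which lies outside the hunk, and the same holds for the roster branch in the next hunk. If a later catch-all branch answers with an error, a spoofed push still gets a reply, and nothing records that it was rejected. I would keep the namespace and type test as the branch condition and make the sender check the first statement inside the branch, logging the rejection, e.g. `if(!Common.isSafeStanza(iq)) { Console.error('Ignored IQ push from unexpected sender', iq.getFrom()); }`, and then skip the handler. Separately, the `REF` comment in the roster branch points at XEP-0092 (Software Version), while roster pushes are defined in RFC 6121.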
@@ -124,7 +124,7 @@ var IQ = (function () {
}
// Roster push
- else if((iqQueryXMLNS == NS_ROSTER) && (iqType == 'set')) {
+ else if((iqQueryXMLNS == NS_ROSTER) && (iqType == 'set') && Common.isSafeStanza(iq)) {
// REF : http://xmpp.org/extensions/xep-0092.html
// Roster push