author | Andreas Köhler <andreas.koehler@1und1.de> | 2010-11-05 17:44:22 +0300 |
---|---|---|
committer | Badlop <badlop@process-one.net> | 2010-11-10 17:41:08 +0300 |
commit | 7d93cad452553b2d02c2b5978ef63506ccc5e102 (patch) | |
tree | 1822bfc0da3a891ac67a697c7ca55e608962c440 /src/ejabberd_c2s.erl | |
parent | 860d8525ee474a1994ed08c149a0e2ac3f7f6953 (diff) |
Before forwarding last activity requests to a user, check that the user's presence is visible for From
According to XEP-0012, 4. Online User Query, "if the requesting entity
is not authorized to view the user's presence information (normally via
a presence subscription as defined in XMPP IM), the user's server MUST
NOT deliver the IQ-get to an available resource but instead MUST return
a <forbidden/> error in response to the last activity request."
So check for a "from" subscription of the JID and of the bare JID, and whether
outgoing presences to From are allowed.
Fixes problem 3 of EJAB-1158.
Diffstat (limited to 'src/ejabberd_c2s.erl')
-rw-r--r-- | src/ejabberd_c2s.erl | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 55b42fa6c..8af5f47a7 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -1291,6 +1291,25 @@ handle_info({route, From, To, Packet}, StateName, StateData) ->
 case exmpp_iq:is_request(Packet) of
 true ->
 case exmpp_iq:get_request(Packet) of
+ #xmlel{ns = ?NS_LAST_ACTIVITY} ->
+ LFrom = jlib:short_prepd_jid(From),
+ LBFrom = jlib:short_prepd_bare_jid(From),
+ DummyPresence = exmpp_presence:presence(available, ""),
+ HasFromSub = (?SETS:is_element(LFrom, StateData#state.pres_f) orelse ?SETS:is_element(LBFrom, StateData#state.pres_f))
+ andalso is_privacy_allow(StateData, To, From, DummyPresence, out),
+ case HasFromSub of
+ true ->
+ case privacy_check_packet(StateData, From, To, Packet, in) of
+ allow ->
+ {true, Attrs, StateData};
+ deny ->
+ {false, Attrs, StateData}
+ end;
+ _ ->
+ Err = exmpp_server_session:error(Packet, 'forbidden'),
+ send_element(StateData, Err),
+ {false, Attrs, StateData}
+ end;
 _ ->
 case privacy_check_packet(StateData, From, To, Packet, in) of
 allow -> |
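Review bot: The `_ ->` branch of `case HasFromSub` builds the `forbidden` error and passes it to `send_element(StateData, Err)`, which, judging by its `StateData` argument, writes to this session's own connection (send_element is defined outside the hunk), so the error would reach the queried user's client rather than the requester `From`. The XEP-0012 text quoted in the commit message requires the error to be returned in response to the request, so I would route it back instead, e.g. `ejabberd_router:route(To, From, Err),`. The `deny ->` branch under `true ->` also returns `{false, Attrs, StateData}` without sending any reply, which leaves the IQ unanswered; if that deliberately mirrors the generic branch below (whose deny handling is not visible here), a one-line comment saying so would help. The enclosing `handle_info` clause starts and ends outside the hunk.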