From 7d93cad452553b2d02c2b5978ef63506ccc5e102 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20K=C3=B6hler?=
Date: Fri, 5 Nov 2010 15:44:22 +0100
Subject: Before forwarding last activity requests to a user, check that the user's presence is visible for From According to XEP-0012, 4. Online User Query, "if the requesting entity is not authorized to view the user's presence information (normally via a presence subscription as defined in XMPP IM), the user's server MUST NOT deliver the IQ-get to an available resource but instead MUST return a error in response to the last activity request." So check for a subscription of from of the jid and bare jid and whether outgoing presences to From are allowed. Fixes problem 3 of EJAB-1158.
---
 src/ejabberd_c2s.erl | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+) (limited to 'src/ejabberd_c2s.erl')
diff --git a/src/ejabberd_c2s.erl b/src/ejabberd_c2s.erl
index 55b42fa6c..8af5f47a7 100644
--- a/src/ejabberd_c2s.erl
+++ b/src/ejabberd_c2s.erl
@@ -1291,6 +1291,25 @@ handle_info({route, From, To, Packet}, StateName, StateData) ->
 case exmpp_iq:is_request(Packet) of
 true ->
 case exmpp_iq:get_request(Packet) of
+ #xmlel{ns = ?NS_LAST_ACTIVITY} ->
+ LFrom = jlib:short_prepd_jid(From),
+ LBFrom = jlib:short_prepd_bare_jid(From),
+ DummyPresence = exmpp_presence:presence(available, ""),
+ HasFromSub = (?SETS:is_element(LFrom, StateData#state.pres_f) orelse ?SETS:is_element(LBFrom, StateData#state.pres_f))
+ andalso is_privacy_allow(StateData, To, From, DummyPresence, out),
+ case HasFromSub of
+ true ->
+ case privacy_check_packet(StateData, From, To, Packet, in) of
+ allow ->
+ {true, Attrs, StateData};
+ deny ->
+ {false, Attrs, StateData}
+ end;
+ _ ->
+ Err = exmpp_server_session:error(Packet, 'forbidden'),
+ send_element(StateData, Err),
+ {false, Attrs, StateData}
+ end;
 _ ->
 case privacy_check_packet(StateData, From, To, Packet, in) of
 allow ->
-- 
cgit v1.2.3
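Review bot: In the `_ ->` arm of `case HasFromSub of`, the forbidden error is passed to `send_element(StateData, Err)`, which takes no destination and presumably writes to this session's own client connection, so the reply would reach the queried user's client rather than the requester in `From`. The XEP-0012 text quoted in the commit message expects the error to go back to the requesting entity; routing it explicitly, e.g. `ejabberd_router:route(To, From, Err)`, would do that, assuming `send_element/2` (defined outside the hunk) is indeed the socket writer. The `deny ->` arm under `true ->` drops the request without any reply, so a requester may be able to tell a privacy-list block (silence) from a missing subscription (forbidden); answering both paths with the same error would remove that difference. The error is also built with `exmpp_server_session:error/2`, and it is worth confirming that this helper is meant for IQ error replies outside session establishment. `handle_info/3` begins and ends outside the hunk, so how the returned `{false, Attrs, StateData}` tuple is consumed cannot be checked here.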