
Prevent Bookmark and Roster injection

edhelas committed Oct 22, 2019
1 parent 7a9ef33 commit 71fcff40d70abd84f10baa252f86eba64264e841
@@ -8,6 +8,8 @@ class Bookmark2 extends Payload
{
public function handle($stanza, $parent = false)
{
if (current(explode('/', (string)$parent->attributes()->from)) != \App\User::me()->id) return;
$conference = new Conference;
$conference->conference = (string)$stanza->items->item->attributes()->id;
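Review bot: The new guard at the top of `Bookmark2::handle` dereferences `$parent` although the signature defaults it to `false`, so a call without a parent stanza would fail on `->attributes()` instead of being rejected. The comparison also uses loose `!=`; comparing the bare JID with `!==` against `(string)\App\User::me()->id` avoids PHP's numeric-string juggling in a check that is meant to be a trust boundary. The same line is repeated in the Roster hunk, so a small helper on `Payload` with a short comment such as `// only accept pushes whose sender is the user's own bare JID` would keep the two checks from drifting apart. Both `handle` bodies continue outside the visible hunks.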
@@ -9,7 +9,6 @@ class DiscoInfo extends Payload
public function handle($stanza, $parent = false)
{
$jid = (string)$parent->attributes()->from;
$to = current(explode('/', (string)$parent->attributes()->to));
$id = (string)$parent->attributes()->id;
Disco::answer($jid, $id);
@@ -2,7 +2,6 @@
namespace Moxl\Xec\Payload;
use Movim\User;
use Movim\Session;
class MAMResult extends Payload
@@ -3,14 +3,11 @@
namespace Moxl\Xec\Payload;
use Movim\ChatStates;
use App\Reaction;
class Message extends Payload
{
public function handle($stanza, $parent = false)
{
$to = current(explode('/', (string)$stanza->attributes()->to));
if ($stanza->confirm
&& $stanza->confirm->attributes()->xmlns == 'http://jabber.org/protocol/http-auth') {
return;
@@ -27,7 +27,6 @@
use Movim\Widget\Wrapper;
use Moxl\Xec\Payload\Packet;
use Moxl\Utils;
abstract class Payload
{
@@ -9,6 +9,8 @@ class Roster extends Payload
{
public function handle($stanza, $parent = false)
{
if (current(explode('/', (string)$parent->attributes()->from)) != \App\User::me()->id) return;
if ((string)$parent->attributes()->type == 'set') {
$jid = current(explode('/', (string)$stanza->item->attributes()->jid));
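Review bot: The guard added at the top of `Roster::handle` also rejects a stanza that carries no `from` attribute, because the cast yields an empty string that never equals the user id. RFC 6121 lets a server send a roster push without `from` (implicitly from the user's own account), so legitimate pushes may be silently dropped; whether the servers Movim talks to always stamp `from` is not visible here. Consider reading the attribute once and rejecting only a non-empty mismatch, `$from = (string)$parent->attributes()->from;` then `if ($from !== '' && current(explode('/', $from)) !== (string)\App\User::me()->id) return;`. Logging the rejected sender before the `return` would also make injection attempts visible rather than discarded without trace.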
