Check sender for LMC messages #1898

Merged


H3rnand3zzz
Contributor

See commit message

@jubalh jubalh added this to the next milestone Oct 17, 2023
src/database.c Outdated
@@ -395,7 +405,35 @@ _add_to_db(ProfMessage* message, char* type, const Jid* const from_jid, const Ji
if (!type) {
type = (char*)_get_message_type_str(message->type);
}

// Check last-message-correction validity
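Review bot: the comment opening the added block (`// Check last-message-correction validity`) does not say what makes a correction valid. State the rule being enforced, that the sender of the correction must match the sender of the original message, and whether `from_jid` is compared as a bare or a full JID, so the check can be audited without reading the code below it. The hunk header also shows this region of `_add_to_db` growing from 7 to 35 lines; moving the check into a small static helper would keep the insert path readable.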

This should be "LMC" and/or mention XEP name. Because we use it like this everywhere in the code and then we can grep for this string more easily.

When we received a message correction via `XEP-0308: Last Message Correction`
we accepted the change without checking the sender
making it possible for anybody to replace the message if the ID was known.

This change has been proposed by @jubalh
profanity-im#1893 (comment)
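
The sender check described in the commit message above, as an added example that is not Profanity's code: a correction is applied only when its sender's bare JID matches the sender recorded for the message it names. The `stored_msg` log, `apply_lmc`, `same_bare_jid`, `demo` and the sample JIDs are hypothetical, and the comparison assumes a 1:1 chat.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stand-in for the message log; not Profanity's schema. */
typedef struct {
    const char *stanza_id;
    const char *from_jid; /* sender recorded when the original arrived */
    char body[64];
} stored_msg;

typedef enum { LMC_APPLIED, LMC_UNKNOWN_ID, LMC_SENDER_MISMATCH } lmc_result;

/* Compare the bare parts (before the first '/') of two JIDs, byte for byte.
 * Assumption: 1:1 chat. In a MUC the bare JID is the room, so the full
 * room/nick JID would have to be compared instead. */
int same_bare_jid(const char *a, const char *b) {
    size_t la = strcspn(a, "/"), lb = strcspn(b, "/");
    return la > 0 && la == lb && memcmp(a, b, la) == 0;
}

/* Apply an LMC (XEP-0308) replacement only when the correction comes from
 * the sender of the message it names. */
lmc_result apply_lmc(stored_msg *log, size_t n, const char *replace_id,
                     const char *from_jid, const char *new_body) {
    for (size_t i = 0; i < n; i++) {
        if (strcmp(log[i].stanza_id, replace_id) != 0)
            continue;
        if (!same_bare_jid(log[i].from_jid, from_jid))
            return LMC_SENDER_MISMATCH; /* knowing the ID is not enough */
        snprintf(log[i].body, sizeof log[i].body, "%s", new_body);
        return LMC_APPLIED;
    }
    return LMC_UNKNOWN_ID;
}

char last_body[64]; /* body stored after the most recent demo() call */

/* Constructed sample: alice sent "m1"; attempt a correction from `from`. */
lmc_result demo(const char *from) {
    stored_msg log[] = { { "m1", "alice@example.org/phone", "meet at 5" } };
    lmc_result r = apply_lmc(log, 1, "m1", from, "meet at 6");
    strcpy(last_body, log[0].body);
    return r;
}

int main(void) {
    printf("%d %s\n", demo("mallory@example.org/pc"), last_body);
    printf("%d %s\n", demo("alice@example.org/laptop"), last_body);
    return 0;
}
```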
@H3rnand3zzz H3rnand3zzz force-pushed the fix/message-replacement-verificiation branch from 7423ffe to 24d0030 Compare October 17, 2023 09:11
@jubalh jubalh merged commit 2ae56b1 into profanity-im:master Oct 17, 2023
6 checks passed
@jubalh
Member

jubalh commented Oct 17, 2023

Thanks for this fix!

@H3rnand3zzz
Contributor Author

> Thanks for this fix!

thank you for quick review :)

jubalh added a commit that referenced this pull request Oct 17, 2023
Mentioned in review of:
#1898
@H3rnand3zzz H3rnand3zzz deleted the fix/message-replacement-verificiation branch November 6, 2023 11:54