Mercurial > prosody-hg
changeset 13888:0dd82a8f1913 13.0 13.0.2
MUC: Ensure allow MUC PM setting has valid value (fixes #1933)
In case allow PM is set to "affiliated" or something other than a valid
role name, but the user is not affiliated, the valid_roles lookup would
return nil, triggering a comparison error.
This ensures that the setting is validated going in and out of the
database and that the "affiliated" case proceeds correctly.
Also adds a compat mapping for the value "anyone", used in XEP-0045 and
submitted by default by Gajim.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sun, 25 May 2025 15:36:17 +0200 |
| parents | cbb8dc92daa9 |
| children | 9c48d555c8a6 8769ca1b4c0f |
| files | plugins/muc/restrict_pm.lib.lua |
| diffstat | 1 files changed, 9 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/muc/restrict_pm.lib.lua Sat May 24 15:53:46 2025 +0200 +++ b/plugins/muc/restrict_pm.lib.lua Sun May 25 15:36:17 2025 +0200 @@ -11,15 +11,19 @@ participants = "participant"; moderators = "moderator"; members = "affiliated"; + anyone = "visitor"; }; local function get_allow_pm(room) local val = room._data.allow_pm; - return compat_map[val] or val or "visitor"; + val = compat_map[val] or val or "visitor"; + if not (val == "affiliated" or valid_roles[val]) then return "visitor"; end + return val; end local function set_allow_pm(room, val) if get_allow_pm(room) == val then return false; end + if not (val == "affiliated" or valid_roles[val]) then return false end room._data.allow_pm = val; return true; end @@ -93,8 +97,10 @@ local pmval = get_allow_pm(room); if pmval ~= "none" then - if pmval == "affiliated" and room:get_affiliation(from_occupant.bare_jid) then - return; -- Allow from affiliated users + if pmval == "affiliated" then + if room:get_affiliation(from_occupant.bare_jid) then + return; -- Allow from affiliated users + end elseif valid_roles[from_occupant.role] >= valid_roles[pmval] then module:log("debug", "Allowing PM: %s(%d) >= %s(%d)", from_occupant.role, valid_roles[from_occupant.role], pmval, valid_roles[pmval]); return; -- Allow from a permitted role
