[Server-devel] [PATCH] mod_shared_roster: Sanity check in remove_user_from_group() and add_user_to_group()

martin.langhoff at gmail.com martin.langhoff at gmail.com
Fri Apr 17 14:42:33 EDT 2009


From: Martin Langhoff <martin at laptop.org>

When handling special users ('@all@', '@online', '@recent@', '@nearby@'),
ensure we are dealing with the localhost.

---

Is Host guaranteed to be local?
---
 src/mod_shared_roster.erl |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/src/mod_shared_roster.erl b/src/mod_shared_roster.erl
index 1eb8e9a..b08b5e5 100644
--- a/src/mod_shared_roster.erl
+++ b/src/mod_shared_roster.erl
@@ -623,6 +623,10 @@ add_user_to_group(Host, US, Group) ->
     
     case regexp:match(LUser, "^@.+@$") of
 	{match,_,_} ->
+
+	    % Sanity check - magic groups can only be manipulated locally
+	    Host = LServer,
+
 	    GroupOpts = mod_shared_roster:get_group_opts(Host, Group),
 	    AllUsersOpt =
 		case LUser == "@all@" of
@@ -674,6 +678,10 @@ remove_user_from_group(Host, US, Group) ->
     case regexp:match(LUser, "^@.+@$") of
 	{match,_,_} ->
 	    GroupOpts = mod_shared_roster:get_group_opts(Host, Group),
+
+	    % Sanity check - magic groups can only be manipulated locally
+	    Host = LServer,
+
 	    case LUser of
 		"@all@" ->
 		    NewGroupOpts = lists:filter(fun(X) -> X/={all_users,true} end, GroupOpts);
-- 
1.5.6.6



More information about the Server-devel mailing list