[Server-devel] [PATCH] mod_shared_roster: Sanity check in remove_user_from_group() and add_user_to_group()
martin.langhoff at gmail.com
martin.langhoff at gmail.com
Fri Apr 17 14:42:33 EDT 2009
From: Martin Langhoff <martin at laptop.org>
When handling special users ('@all@', '@online', '@recent@', '@nearby@'),
ensure we are dealing with the localhost.
---
Is Host guaranteed to be local?
---
src/mod_shared_roster.erl | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/src/mod_shared_roster.erl b/src/mod_shared_roster.erl
index 1eb8e9a..b08b5e5 100644
--- a/src/mod_shared_roster.erl
+++ b/src/mod_shared_roster.erl
@@ -623,6 +623,10 @@ add_user_to_group(Host, US, Group) ->
case regexp:match(LUser, "^@.+@$") of
{match,_,_} ->
+
+ % Sanity check - magic groups can only be manipulated locally
+ Host = LServer,
+
GroupOpts = mod_shared_roster:get_group_opts(Host, Group),
AllUsersOpt =
case LUser == "@all@" of
@@ -674,6 +678,10 @@ remove_user_from_group(Host, US, Group) ->
case regexp:match(LUser, "^@.+@$") of
{match,_,_} ->
GroupOpts = mod_shared_roster:get_group_opts(Host, Group),
+
+ % Sanity check - magic groups can only be manipulated locally
+ Host = LServer,
+
case LUser of
"@all@" ->
NewGroupOpts = lists:filter(fun(X) -> X/={all_users,true} end, GroupOpts);
--
1.5.6.6
More information about the Server-devel
mailing list