1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-22 16:45:58 +01:00

Protect against chat message spoofing.

This commit is contained in:
Juliusz Chroboczek 2020-11-30 15:22:00 +01:00
parent f9e0573654
commit 74b3683cf1

View file

@ -1069,6 +1069,13 @@ func handleClientMessage(c *webClient, m clientMessage) error {
log.Printf("ICE: %v", err)
}
case "chat", "usermessage":
if m.Id != c.id {
return group.UserError("wrong sender id")
}
if m.Username != "" && m.Username != c.username {
return group.UserError("wrong sender username")
}
tm := group.ToJSTime(time.Now())
if m.Type == "chat" {
if m.Dest == "" {