1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-12-22 23:35:46 +01:00

More spoofing protection.

This commit is contained in:
Juliusz Chroboczek 2020-11-30 15:39:44 +01:00
parent aa71205fa2
commit ed531cefc2

View file

@ -1114,6 +1114,12 @@ func handleClientMessage(c *webClient, m clientMessage) error {
ccc.write(mm)
}
case "groupaction":
if m.Id != c.id {
return group.UserError("wrong sender id")
}
if m.Username != "" && m.Username != c.username {
return group.UserError("wrong sender username")
}
switch m.Kind {
case "clearchat":
c.group.ClearChatHistory()
@ -1162,6 +1168,12 @@ func handleClientMessage(c *webClient, m clientMessage) error {
return group.ProtocolError("unknown group action")
}
case "useraction":
if m.Id != c.id {
return group.UserError("wrong sender id")
}
if m.Username != "" && m.Username != c.username {
return group.UserError("wrong sender username")
}
switch m.Kind {
case "op", "unop", "present", "unpresent":
if !c.permissions.Op {