Mirrors
/
synapse
mirror of https://github.com/element-hq/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Parse the ID given to /invite|ban|kick to make sure it looks like a user ID.

This commit is contained in:
Kegan Dougal 2015-07-20 13:55:19 +01:00
parent 4f973eb657
commit b6ee0585bd
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
synapse/rest/client/v1/room.py
View File

@ -412,6 +412,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
if "user_id" not in content: if "user_id" not in content:
raise SynapseError(400, "Missing user_id key.") raise SynapseError(400, "Missing user_id key.")
state_key = content["user_id"] state_key = content["user_id"]
# make sure it looks like a user ID; it'll throw if it's invalid.
UserID.from_string(state_key);
if membership_action == "kick": if membership_action == "kick":
membership_action = "leave" membership_action = "leave"