From 63810c777d8c02bc6fefa2a4bcfacb7f4df21ba2 Mon Sep 17 00:00:00 2001
From: Erik Johnston <erik@matrix.org>
Date: Fri, 12 Dec 2014 10:56:14 +0000
Subject: [PATCH] Validate message, topic and name event contents

---
 synapse/api/constants.py    |  5 +++++
 synapse/events/validator.py | 21 +++++++++++++++++++++
 synapse/handlers/message.py |  2 +-
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 7e8c892b6..b668da4a2 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -68,3 +68,8 @@ class EventTypes(object):
     PowerLevels = "m.room.power_levels"
     Aliases = "m.room.aliases"
     Redaction = "m.room.redaction"
+
+    # These are used for validation
+    Message = "m.room.message"
+    Topic = "m.room.topic"
+    Name = "m.room.name"
diff --git a/synapse/events/validator.py b/synapse/events/validator.py
index 47830aa98..ebc6c30e6 100644
--- a/synapse/events/validator.py
+++ b/synapse/events/validator.py
@@ -69,3 +69,24 @@ class EventValidator(object):
         self.validate(event)
 
         UserID.from_string(event.sender)
+
+        if event.type == EventTypes.Message:
+            strings = [
+                "body",
+                "msgtype",
+            ]
+
+            self._ensure_strings(event.content, strings)
+
+        elif event.type == EventTypes.Topic:
+            self._ensure_strings(event.content, ["topic"])
+
+        elif event.type == EventTypes.Name:
+            self._ensure_strings(event.content, ["name"])
+
+    def _ensure_strings(self, d, keys):
+        for s in keys:
+            if s not in d:
+                raise SynapseError(400, "'%s' not in content" % (s,))
+            if not isinstance(d[s], basestring):
+                raise SynapseError(400, "Not '%s' a string type" % (s,))
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index f92b01a50..4fa4ffea2 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -141,7 +141,7 @@ class MessageHandler(BaseHandler):
     def handle_event(self, event_dict):
         builder = self.event_builder_factory.new(event_dict)
 
-        self.validator.validate(builder)
+        self.validator.validate_new(builder)
 
         if builder.type == EventTypes.Member:
             membership = builder.content.get("membership", None)