0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-12-14 10:53:54 +01:00

Parse the ID given to /invite|ban|kick to make sure it looks like a user ID.

This commit is contained in:
Kegan Dougal 2015-07-20 13:55:19 +01:00
parent 4f973eb657
commit b6ee0585bd

View file

@ -412,6 +412,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
if "user_id" not in content:
raise SynapseError(400, "Missing user_id key.")
state_key = content["user_id"]
# make sure it looks like a user ID; it'll throw if it's invalid.
UserID.from_string(state_key);
if membership_action == "kick":
membership_action = "leave"