Fix errors when updating the user directory with invalid data (#8223)
parent
b5133dd97f
commit
b939251c37
4 changed files with 19 additions and 1 deletions
1
changelog.d/8223.bugfix
Normal file
1
changelog.d/8223.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Fixes a longstanding bug where user directory updates could break when unexpected profile data was included in events.
|
|
@ -161,6 +161,9 @@ class BaseProfileHandler(BaseHandler):
|
||||||
Codes.FORBIDDEN,
|
Codes.FORBIDDEN,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if not isinstance(new_displayname, str):
|
||||||
|
raise SynapseError(400, "Invalid displayname")
|
||||||
|
|
||||||
if len(new_displayname) > MAX_DISPLAYNAME_LEN:
|
if len(new_displayname) > MAX_DISPLAYNAME_LEN:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400, "Displayname is too long (max %i)" % (MAX_DISPLAYNAME_LEN,)
|
400, "Displayname is too long (max %i)" % (MAX_DISPLAYNAME_LEN,)
|
||||||
|
@ -235,6 +238,9 @@ class BaseProfileHandler(BaseHandler):
|
||||||
400, "Changing avatar is disabled on this server", Codes.FORBIDDEN
|
400, "Changing avatar is disabled on this server", Codes.FORBIDDEN
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if not isinstance(new_avatar_url, str):
|
||||||
|
raise SynapseError(400, "Invalid displayname")
|
||||||
|
|
||||||
if len(new_avatar_url) > MAX_AVATAR_URL_LEN:
|
if len(new_avatar_url) > MAX_AVATAR_URL_LEN:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400, "Avatar URL is too long (max %i)" % (MAX_AVATAR_URL_LEN,)
|
400, "Avatar URL is too long (max %i)" % (MAX_AVATAR_URL_LEN,)
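Review bot: The new type check on `new_avatar_url` in the second hunk raises `SynapseError(400, "Invalid displayname")`, which looks copied from the displayname check in the first hunk. A client that sends a non-string avatar URL is therefore told the wrong field is at fault, and anyone reading logs or error reports is misled about which field was malformed. The line should read `raise SynapseError(400, "Invalid avatar URL")`. Both enclosing methods start and end outside the hunks shown.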
|
||||||
|
|
|
@ -234,7 +234,7 @@ class UserDirectoryHandler(StateDeltasHandler):
|
||||||
async def _handle_room_publicity_change(
|
async def _handle_room_publicity_change(
|
||||||
self, room_id, prev_event_id, event_id, typ
|
self, room_id, prev_event_id, event_id, typ
|
||||||
):
|
):
|
||||||
"""Handle a room having potentially changed from/to world_readable/publically
|
"""Handle a room having potentially changed from/to world_readable/publicly
|
||||||
joinable.
|
joinable.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
|
@ -388,9 +388,15 @@ class UserDirectoryHandler(StateDeltasHandler):
|
||||||
|
|
||||||
prev_name = prev_event.content.get("displayname")
|
prev_name = prev_event.content.get("displayname")
|
||||||
new_name = event.content.get("displayname")
|
new_name = event.content.get("displayname")
|
||||||
|
# If the new name is an unexpected form, do not update the directory.
|
||||||
|
if not isinstance(new_name, str):
|
||||||
|
new_name = prev_name
|
||||||
|
|
||||||
prev_avatar = prev_event.content.get("avatar_url")
|
prev_avatar = prev_event.content.get("avatar_url")
|
||||||
new_avatar = event.content.get("avatar_url")
|
new_avatar = event.content.get("avatar_url")
|
||||||
|
# If the new avatar is an unexpected form, do not update the directory.
|
||||||
|
if not isinstance(new_avatar, str):
|
||||||
|
new_avatar = prev_avatar
|
||||||
|
|
||||||
if prev_name != new_name or prev_avatar != new_avatar:
|
if prev_name != new_name or prev_avatar != new_avatar:
|
||||||
await self.store.update_profile_in_user_dir(user_id, new_name, new_avatar)
|
await self.store.update_profile_in_user_dir(user_id, new_name, new_avatar)
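Review bot: In the last hunk, `if not isinstance(new_name, str): new_name = prev_name` also matches `None`, which is what `event.content.get("displayname")` returns when the key is absent. If that is how a cleared display name or avatar arrives (not visible here), the old value would stay in the user directory after the user removed it. If removal is meant to propagate, the guards could be `if new_name is not None and not isinstance(new_name, str):` and likewise for `new_avatar`. `prev_name` and `prev_avatar` are used as the fallback without a type check of their own, though the storage-layer coercion added in this commit appears to cover that case. The enclosing method continues outside the hunk.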
|
||||||
|
|
|
@ -371,6 +371,11 @@ class UserDirectoryBackgroundUpdateStore(StateDeltasStore):
|
||||||
"""
|
"""
|
||||||
Update or add a user's profile in the user directory.
|
Update or add a user's profile in the user directory.
|
||||||
"""
|
"""
|
||||||
|
# If the display name or avatar URL are unexpected types, overwrite them.
|
||||||
|
if not isinstance(display_name, str):
|
||||||
|
display_name = None
|
||||||
|
if not isinstance(avatar_url, str):
|
||||||
|
avatar_url = None
|
||||||
|
|
||||||
def _update_profile_in_user_dir_txn(txn):
|
def _update_profile_in_user_dir_txn(txn):
|
||||||
new_entry = self.db_pool.simple_upsert_txn(
|
new_entry = self.db_pool.simple_upsert_txn(
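Review bot: The comment `# If the display name or avatar URL are unexpected types, overwrite them.` does not say what the values are overwritten with, or why. Here a non-string becomes `None`, whereas the handler change in this commit keeps the previous value, so the two layers treat the same bad input differently and that deserves a sentence. I would word it as `# Non-string values (e.g. from malformed event content) are replaced with None before the transaction below runs.` and note in the docstring that such input clears the stored field. The function signature and the rest of the body are outside the hunk.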
|
||||||
|
|