Deny redaction of events in a different room.

We already correctly filter out such redactions, but we should also deny
them over the CS API.
Erik Johnston 2019-07-31 16:03:14 +01:00
parent 72167fb394
commit cf89266b98


@ -795,7 +795,6 @@ class EventCreationHandler(object):
get_prev_content=False, get_prev_content=False,
allow_rejected=False, allow_rejected=False,
allow_none=True, allow_none=True,
check_room_id=event.room_id,
) )
# we can make some additional checks now if we have the original event. # we can make some additional checks now if we have the original event.
@ -803,6 +802,9 @@ class EventCreationHandler(object):
if original_event.type == EventTypes.Create: if original_event.type == EventTypes.Create:
raise AuthError(403, "Redacting create events is not permitted") raise AuthError(403, "Redacting create events is not permitted")
if original_event.room_id != event.room_id:
raise SynapseError(400, "Cannot redact event from a different room")
prev_state_ids = yield context.get_prev_state_ids(self.store) prev_state_ids = yield context.get_prev_state_ids(self.store)
auth_events_ids = yield self.auth.compute_auth_events( auth_events_ids = yield self.auth.compute_auth_events(
event, prev_state_ids, for_verification=True event, prev_state_ids, for_verification=True
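Review bot: The new room comparison sits after the `EventTypes.Create` check, so a redaction that names an event from another room is still classified by type first and gets the 403 "Redacting create events is not permitted" reply instead of the cross-room 400. Now that `check_room_id` is no longer passed to the lookup, that ordering lets a client learn the type of an event in a room it may not belong to; placing `if original_event.room_id != event.room_id:` and its `raise SynapseError(400, "Cannot redact event from a different room")` ahead of the create check would give one answer for every foreign event. With `allow_none=True` an unknown event ID presumably raises nothing here while a foreign one raises 400, so the response also separates "exists in another room" from "not found"; a comment stating that this is accepted would help the next reader. The enclosing method and the guard around these checks start outside the hunk.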