Commit ed531cef authored by Juliusz Chroboczek's avatar Juliusz Chroboczek

More spoofing protection.

parent aa71205f
...@@ -1114,6 +1114,12 @@ func handleClientMessage(c *webClient, m clientMessage) error { ...@@ -1114,6 +1114,12 @@ func handleClientMessage(c *webClient, m clientMessage) error {
ccc.write(mm) ccc.write(mm)
} }
case "groupaction": case "groupaction":
if m.Id != c.id {
return group.UserError("wrong sender id")
}
if m.Username != "" && m.Username != c.username {
return group.UserError("wrong sender username")
}
switch m.Kind { switch m.Kind {
case "clearchat": case "clearchat":
c.group.ClearChatHistory() c.group.ClearChatHistory()
...@@ -1162,6 +1168,12 @@ func handleClientMessage(c *webClient, m clientMessage) error { ...@@ -1162,6 +1168,12 @@ func handleClientMessage(c *webClient, m clientMessage) error {
return group.ProtocolError("unknown group action") return group.ProtocolError("unknown group action")
} }
case "useraction": case "useraction":
if m.Id != c.id {
return group.UserError("wrong sender id")
}
if m.Username != "" && m.Username != c.username {
return group.UserError("wrong sender username")
}
switch m.Kind { switch m.Kind {
case "op", "unop", "present", "unpresent": case "op", "unop", "present", "unpresent":
if !c.permissions.Op { if !c.permissions.Op {
......
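Review bot: The username guard added under `case "groupaction":`, and repeated under `case "useraction":`, accepts a message whose `m.Username` is empty, so it rejects a wrong name but not a missing one. handleClientMessage continues outside both hunks, so this cannot be confirmed from here, but anything later in these branches that records or forwards the sender should take `c.id` and `c.username` from the connection rather than from the message fields. Since the same six lines now appear in both cases, a small helper would keep the two checks from drifting apart, called as `if err := checkSender(c, m); err != nil { return err }` (the helper name is only a suggestion). Logging the mismatch, with the connection's id next to the claimed one, before returning would also make spoofing attempts visible to whoever operates the server.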