Do more validation of incoming request

2024-10-01 11:49:51 -04:00 · 2015-03-18 11:30:04 +00:00 · 2015-03-18 11:30:04 +00:00 · 57976f646f
commit 57976f646f
parent 8bad40701b
1 changed files with 3 additions and 3 deletions
--- a/synapse/rest/client/v1/register.py
+++ b/synapse/rest/client/v1/register.py
@ -316,11 +316,11 @@ class RegisterRestServlet(ClientV1RestServlet):
    def _do_shared_secret(self, request, register_json, session):
        yield run_on_reactor()

-        if "mac" not in register_json:
+        if not isinstance(register_json.get("mac", None), basestring):
            raise SynapseError(400, "Expected mac.")
-        if "user" not in register_json:
+        if not isinstance(register_json.get("user", None), basestring):
            raise SynapseError(400, "Expected 'user' key.")
-        if "password" not in register_json:
+        if not isinstance(register_json.get("password", None), basestring):
            raise SynapseError(400, "Expected 'password' key.")

        if not self.hs.config.registration_shared_secret: