mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
Fix errors when updating the user directory with invalid data (#8223)
This commit is contained in:
parent
b5133dd97f
commit
b939251c37
1
changelog.d/8223.bugfix
Normal file
1
changelog.d/8223.bugfix
Normal file
@ -0,0 +1 @@
|
||||
Fixes a longstanding bug where user directory updates could break when unexpected profile data was included in events.
|
@ -161,6 +161,9 @@ class BaseProfileHandler(BaseHandler):
|
||||
Codes.FORBIDDEN,
|
||||
)
|
||||
|
||||
if not isinstance(new_displayname, str):
|
||||
raise SynapseError(400, "Invalid displayname")
|
||||
|
||||
if len(new_displayname) > MAX_DISPLAYNAME_LEN:
|
||||
raise SynapseError(
|
||||
400, "Displayname is too long (max %i)" % (MAX_DISPLAYNAME_LEN,)
|
||||
@ -235,6 +238,9 @@ class BaseProfileHandler(BaseHandler):
|
||||
400, "Changing avatar is disabled on this server", Codes.FORBIDDEN
|
||||
)
|
||||
|
||||
if not isinstance(new_avatar_url, str):
|
||||
raise SynapseError(400, "Invalid displayname")
|
||||
|
||||
if len(new_avatar_url) > MAX_AVATAR_URL_LEN:
|
||||
raise SynapseError(
|
||||
400, "Avatar URL is too long (max %i)" % (MAX_AVATAR_URL_LEN,)
|
||||
|
@ -234,7 +234,7 @@ class UserDirectoryHandler(StateDeltasHandler):
|
||||
async def _handle_room_publicity_change(
|
||||
self, room_id, prev_event_id, event_id, typ
|
||||
):
|
||||
"""Handle a room having potentially changed from/to world_readable/publically
|
||||
"""Handle a room having potentially changed from/to world_readable/publicly
|
||||
joinable.
|
||||
|
||||
Args:
|
||||
@ -388,9 +388,15 @@ class UserDirectoryHandler(StateDeltasHandler):
|
||||
|
||||
prev_name = prev_event.content.get("displayname")
|
||||
new_name = event.content.get("displayname")
|
||||
# If the new name is an unexpected form, do not update the directory.
|
||||
if not isinstance(new_name, str):
|
||||
new_name = prev_name
|
||||
|
||||
prev_avatar = prev_event.content.get("avatar_url")
|
||||
new_avatar = event.content.get("avatar_url")
|
||||
# If the new avatar is an unexpected form, do not update the directory.
|
||||
if not isinstance(new_avatar, str):
|
||||
new_avatar = prev_avatar
|
||||
|
||||
if prev_name != new_name or prev_avatar != new_avatar:
|
||||
await self.store.update_profile_in_user_dir(user_id, new_name, new_avatar)
|
||||
|
@ -371,6 +371,11 @@ class UserDirectoryBackgroundUpdateStore(StateDeltasStore):
|
||||
"""
|
||||
Update or add a user's profile in the user directory.
|
||||
"""
|
||||
# If the display name or avatar URL are unexpected types, overwrite them.
|
||||
if not isinstance(display_name, str):
|
||||
display_name = None
|
||||
if not isinstance(avatar_url, str):
|
||||
avatar_url = None
|
||||
|
||||
def _update_profile_in_user_dir_txn(txn):
|
||||
new_entry = self.db_pool.simple_upsert_txn(
|
||||
|
Loading…
Reference in New Issue
Block a user