[ejabberd] mod muc - actor element

Purvesh Sahoo jimpu2 at gmail.com
Wed Apr 24 07:07:25 MSK 2013


Hi,

I've updated my code to include only the nick of the admin.

Thanks,
Purvesh


On Tue, Apr 23, 2013 at 1:39 AM, Badlop <badlop at gmail.com> wrote:

> On 22 April 2013 04:53, Purvesh Sahoo <jimpu2 at gmail.com> wrote:
>
>> I implemented support for this, so I thought I'd share what I had till
>> now. I've attached a patch for this.
>>
>
>
> The XEP says ( http://xmpp.org/extensions/xep-0045.html#kick )
> > The service MUST remove the kicked occupant by sending a presence stanza
> > of type "unavailable" to each kicked occupant, including [...] the roomnick
> > or bare JID of the user who initiated the kick.
>
> but your code sends the full JID, not the roomnick or bare JID:
>     <item affiliation='none' role='none'>
>       <actor jid='user1admin at localhost/tkabber-home'/>
>     </item>
>
> That example room was configured to display occupant full JIDs only to
> room admins, but the kicked occupant got the admin full JID without being
> admin at all. In conclusion, that patch introduces a way to leak
> information.
>
> Can you take a look if it's simple to update your code to provide only the
> kicker room nick, instead of its full JID?
>
>
> --
> Badlop
> ProcessOne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: actor.patch
Type: application/octet-stream
Size: 4112 bytes
Desc: not available
URL: <http://lists.jabber.ru/pipermail/ejabberd/attachments/20130423/20ece9cb/attachment.obj>
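
Added example, not part of the original thread or of ejabberd's code: a Python check that a test suite could run over captured kick presences to catch the disclosure discussed above. The stanzas, JIDs and the function name `check_kick_actor` are constructed for illustration; treating a bare JID sent to a non-admin as a finding is an assumption that follows the nick-only request in the thread.

```python
import xml.etree.ElementTree as ET

NS = "{http://jabber.org/protocol/muc#user}"

def check_kick_actor(stanza_xml, recipient_may_see_jids):
    """Return findings for <actor/> elements in one MUC kick presence.

    recipient_may_see_jids: True only if the room configuration lets the
    recipient see occupants' real JIDs (e.g. a room admin).
    """
    findings = []
    x = ET.fromstring(stanza_xml).find(NS + "x")
    if x is None:
        return findings
    codes = {s.get("code") for s in x.findall(NS + "status")}
    if "307" not in codes:              # 307 = occupant was kicked
        return findings
    for item in x.findall(NS + "item"):
        for actor in item.findall(NS + "actor"):
            jid = actor.get("jid")
            if jid is None:
                continue                # nick-only actor carries no address
            if "/" in jid:
                # XEP-0045 text quoted in the thread: roomnick or bare JID only
                findings.append("full JID in actor: " + jid)
            elif not recipient_may_see_jids:
                # assumption: stricter nick-only policy for non-admins
                findings.append("bare JID sent to non-admin: " + jid)
    return findings

# Constructed sample stanzas (not captured from a real server).
TEMPLATE = """<presence from='room@conference.example.org/kicked-nick'
          to='kicked@example.org/pc' type='unavailable'>
  <x xmlns='http://jabber.org/protocol/muc#user'>
    <item affiliation='none' role='none'>%s</item>
    <status code='307'/>
  </x>
</presence>"""
LEAKY = TEMPLATE % "<actor jid='admin@example.org/home'/>"
BARE = TEMPLATE % "<actor jid='admin@example.org'/>"
NICK_ONLY = TEMPLATE % "<actor nick='admin-nick'/>"

if __name__ == "__main__":
    for name, stanza in (("leaky", LEAKY), ("bare", BARE), ("nick", NICK_ONLY)):
        print(name, check_kick_actor(stanza, recipient_may_see_jids=False))
```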

