diff options
| author | Patrick Cloke <patrickc@matrix.org> | 2020-07-02 10:54:29 -0400 |
|---|---|---|
| committer | Patrick Cloke <patrickc@matrix.org> | 2020-07-02 10:54:29 -0400 |
| commit | fedb632d0a22e4bad179a9b48be28a3a552315c9 (patch) | |
| tree | 9f05e09e55851f8e272a5e1f722472f5aef04050 /synapse/rest/client/v2_alpha/register.py | |
| parent | Update postgres in the Docker compose example to 12-alpine. (#7696) (diff) | |
| parent | Remove an extraneous space. (diff) | |
| download | synapse-fedb632d0a22e4bad179a9b48be28a3a552315c9.tar.xz | |
Merge tag 'v1.15.2'
Synapse 1.15.2 (2020-07-02) =========================== Due to the two security issues highlighted below, server administrators are encouraged to update Synapse. We are not aware of these vulnerabilities being exploited in the wild. Security advisory ----------------- * A malicious homeserver could force Synapse to reset the state in a room to a small subset of the correct state. This affects all Synapse deployments which federate with untrusted servers. ([96e9afe6](https://github.com/matrix-org/synapse/commit/96e9afe62500310977dc3cbc99a8d16d3d2fa15c)) * HTML pages served via Synapse were vulnerable to clickjacking attacks. This predominantly affects homeservers with single-sign-on enabled, but all server administrators are encouraged to upgrade. ([ea26e9a9](https://github.com/matrix-org/synapse/commit/ea26e9a98b0541fc886a1cb826a38352b7599dbe)) This was reported by [Quentin Gliech](https://sandhose.fr/).
Diffstat (limited to 'synapse/rest/client/v2_alpha/register.py')
| -rw-r--r-- | synapse/rest/client/v2_alpha/register.py | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py index b9ffe86b2a..c8d2de7b54 100644 --- a/synapse/rest/client/v2_alpha/register.py +++ b/synapse/rest/client/v2_alpha/register.py @@ -38,7 +38,7 @@ from synapse.config.ratelimiting import FederationRateLimitConfig from synapse.config.registration import RegistrationConfig from synapse.config.server import is_threepid_reserved from synapse.handlers.auth import AuthHandler -from synapse.http.server import finish_request +from synapse.http.server import finish_request, respond_with_html from synapse.http.servlet import ( RestServlet, assert_params_in_dict, @@ -306,17 +306,15 @@ class RegistrationSubmitTokenServlet(RestServlet): # Otherwise show the success template html = self.config.email_registration_template_success_html_content - - request.setResponseCode(200) + status_code = 200 except ThreepidValidationError as e: - request.setResponseCode(e.code) + status_code = e.code # Show a failure page with a reason template_vars = {"failure_reason": e.msg} html = self.failure_email_template.render(**template_vars) - request.write(html.encode("utf-8")) - finish_request(request) + respond_with_html(request, status_code, html) class UsernameAvailabilityRestServlet(RestServlet): |