Validate room ids

author: Erik Johnston <erik@matrix.org> 2017-10-11 13:15:44 +0100
committer: Erik Johnston <erik@matrix.org> 2017-10-11 13:15:44 +0100
commit: ec954f47fb7a1aaa176a7fbf7ca8e683cf428af8 (patch)
tree: 8012f5c5c308c02adb47e72010eb710af6a7f4c9
parent: Don't corrupt cache (diff)
download: synapse-ec954f47fb7a1aaa176a7fbf7ca8e683cf428af8.tar.xz
1 files changed, 5 insertions, 1 deletions
diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py
index 991cc12cce..6a85908dd6 100644
--- a/synapse/groups/groups_server.py
+++ b/synapse/groups/groups_server.py
@@ -16,7 +16,7 @@
 from twisted.internet import defer
 
 from synapse.api.errors import SynapseError
-from synapse.types import UserID, get_domain_from_id
+from synapse.types import UserID, get_domain_from_id, RoomID
 
 
 import logging
@@ -160,6 +160,8 @@ class GroupsServerHandler(object):
         """
         yield self.check_group_is_ours(group_id, and_exists=True, and_is_admin=user_id)
 
+        RoomID.from_string(room_id)  # Ensure valid room id
+
         order = content.get("order", None)
 
         is_public = _parse_visibility_from_contents(content)
@@ -463,6 +465,8 @@ class GroupsServerHandler(object):
     def add_room_to_group(self, group_id, requester_user_id, room_id, content):
         """Add room to group
         """
+        RoomID.from_string(room_id)  # Ensure valid room id
+
         yield self.check_group_is_ours(
             group_id, and_exists=True, and_is_admin=requester_user_id
         )
author	Erik Johnston <erik@matrix.org>	2017-10-11 13:15:44 +0100
committer	Erik Johnston <erik@matrix.org>	2017-10-11 13:15:44 +0100
commit	ec954f47fb7a1aaa176a7fbf7ca8e683cf428af8 (patch)
tree	8012f5c5c308c02adb47e72010eb710af6a7f4c9
parent	Don't corrupt cache (diff)
download	synapse-ec954f47fb7a1aaa176a7fbf7ca8e683cf428af8.tar.xz