diff options
author | Erik Johnston <erik@matrix.org> | 2017-10-11 13:15:44 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2017-10-11 13:15:44 +0100 |
commit | ec954f47fb7a1aaa176a7fbf7ca8e683cf428af8 (patch) | |
tree | 8012f5c5c308c02adb47e72010eb710af6a7f4c9 /synapse/groups | |
parent | Don't corrupt cache (diff) | |
download | synapse-ec954f47fb7a1aaa176a7fbf7ca8e683cf428af8.tar.xz |
Validate room ids
Diffstat (limited to 'synapse/groups')
-rw-r--r-- | synapse/groups/groups_server.py | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py index 991cc12cce..6a85908dd6 100644 --- a/synapse/groups/groups_server.py +++ b/synapse/groups/groups_server.py @@ -16,7 +16,7 @@ from twisted.internet import defer from synapse.api.errors import SynapseError -from synapse.types import UserID, get_domain_from_id +from synapse.types import UserID, get_domain_from_id, RoomID import logging @@ -160,6 +160,8 @@ class GroupsServerHandler(object): """ yield self.check_group_is_ours(group_id, and_exists=True, and_is_admin=user_id) + RoomID.from_string(room_id) # Ensure valid room id + order = content.get("order", None) is_public = _parse_visibility_from_contents(content) @@ -463,6 +465,8 @@ class GroupsServerHandler(object): def add_room_to_group(self, group_id, requester_user_id, room_id, content): """Add room to group """ + RoomID.from_string(room_id) # Ensure valid room id + yield self.check_group_is_ours( group_id, and_exists=True, and_is_admin=requester_user_id ) |