diff options
author | Brendan Abolivier <babolivier@matrix.org> | 2022-02-08 13:25:54 +0000 |
---|---|---|
committer | Brendan Abolivier <babolivier@matrix.org> | 2022-02-08 13:25:54 +0000 |
commit | 0b561a0ea1384db214c274f45b160c538d2ab65d (patch) | |
tree | aad71a937464551ac28cae53e36820f669431980 /synapse/handlers/room_member.py | |
parent | Use changelog from develop (diff) | |
parent | Fix wording (diff) | |
download | synapse-0b561a0ea1384db214c274f45b160c538d2ab65d.tar.xz |
Merge branch 'release-v1.52'
Diffstat (limited to 'synapse/handlers/room_member.py')
-rw-r--r-- | synapse/handlers/room_member.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 6aa910dd10..3dd5e1b6e4 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -590,6 +590,12 @@ class RoomMemberHandler(metaclass=abc.ABCMeta): errcode=Codes.BAD_JSON, ) + if "avatar_url" in content: + if not await self.profile_handler.check_avatar_size_and_mime_type( + content["avatar_url"], + ): + raise SynapseError(403, "This avatar is not allowed", Codes.FORBIDDEN) + # The event content should *not* include the authorising user as # it won't be properly signed. Strip it out since it might come # back from a client updating a display name / avatar. |