summary refs log tree commit diff
path: root/synapse/handlers/room_member.py
diff options
context:
space:
mode:
authorBrendan Abolivier <babolivier@matrix.org>2022-02-08 13:25:54 +0000
committerBrendan Abolivier <babolivier@matrix.org>2022-02-08 13:25:54 +0000
commit0b561a0ea1384db214c274f45b160c538d2ab65d (patch)
treeaad71a937464551ac28cae53e36820f669431980 /synapse/handlers/room_member.py
parentUse changelog from develop (diff)
parentFix wording (diff)
downloadsynapse-0b561a0ea1384db214c274f45b160c538d2ab65d.tar.xz
Merge branch 'release-v1.52'
Diffstat (limited to 'synapse/handlers/room_member.py')
-rw-r--r--synapse/handlers/room_member.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 6aa910dd10..3dd5e1b6e4 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -590,6 +590,12 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                 errcode=Codes.BAD_JSON,
             )
 
+        if "avatar_url" in content:
+            if not await self.profile_handler.check_avatar_size_and_mime_type(
+                content["avatar_url"],
+            ):
+                raise SynapseError(403, "This avatar is not allowed", Codes.FORBIDDEN)
+
         # The event content should *not* include the authorising user as
         # it won't be properly signed. Strip it out since it might come
         # back from a client updating a display name / avatar.