diff options
| author | Daniel Wagner-Hall <dawagner@gmail.com> | 2016-02-24 08:50:28 +0000 |
|---|---|---|
| committer | Daniel Wagner-Hall <dawagner@gmail.com> | 2016-02-24 08:50:28 +0000 |
| commit | 869580206daa5aa940d079fc907f75dea7770505 (patch) | |
| tree | e5320a37ed78d23732dad9d3d1ccc5ddc8800d5f /synapse/rest/client/v1/room.py | |
| parent | Merge pull request #603 from matrix-org/erikj/presence (diff) | |
| download | synapse-869580206daa5aa940d079fc907f75dea7770505.tar.xz | |
Ignore invalid POST bodies when joining rooms
Diffstat (limited to 'synapse/rest/client/v1/room.py')
| -rw-r--r-- | synapse/rest/client/v1/room.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py index 07a2a5dd82..f5ed4f7302 100644 --- a/synapse/rest/client/v1/room.py +++ b/synapse/rest/client/v1/room.py @@ -228,7 +228,12 @@ class JoinRoomAliasServlet(ClientV1RestServlet): allow_guest=True, ) - content = _parse_json(request) + try: + content = _parse_json(request) + except: + # Turns out we used to ignore the body entirely, and some clients + # cheekily send invalid bodies. + content = {} if RoomID.is_valid(room_identifier): room_id = room_identifier @@ -427,7 +432,12 @@ class RoomMembershipRestServlet(ClientV1RestServlet): }: raise AuthError(403, "Guest access not allowed") - content = _parse_json(request) + try: + content = _parse_json(request) + except: + # Turns out we used to ignore the body entirely, and some clients + # cheekily send invalid bodies. + content = {} if membership_action == "invite" and self._has_3pid_invite_keys(content): yield self.handlers.room_member_handler.do_3pid_invite( |