diff options
author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2021-03-17 16:51:55 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-17 16:51:55 +0000 |
commit | 7b06f85c0e18b62775f12789fdf4adb6a0a47a4b (patch) | |
tree | d0cb45f79946c7600b77ee45e7be197950fde319 /synapse/secrets.py | |
parent | Fix up types for the typing handler. (#9638) (diff) | |
download | synapse-7b06f85c0e18b62775f12789fdf4adb6a0a47a4b.tar.xz |
Ensure we use a copy of the event content dict before modifying it in serialize_event (#9585)
This bug was discovered by DINUM. We were modifying `serialized_event["content"]`, which - if you've got `USE_FROZEN_DICTS` turned on or are [using a third party rules module](https://github.com/matrix-org/synapse/blob/17cd48fe5171d50da4cb59db647b993168e7dfab/synapse/events/third_party_rules.py#L73-L76) - will raise a 500 if you try to a edit a reply to a message. `serialized_event["content"]` could be set to the edit event's content, instead of a copy of it, which is bad as we attempt to modify it. Instead, we also end up modifying the original event's content. DINUM uses a third party rules module, which meant the event's content got frozen and thus an exception was raised. To be clear, the problem is not that the event's content was frozen. In fact doing so helped us uncover the fact we weren't copying event content correctly.
Diffstat (limited to 'synapse/secrets.py')
0 files changed, 0 insertions, 0 deletions