summary refs log tree commit diff
path: root/synapse/secrets.py
diff options
context:
space:
mode:
authorAndrew Morgan <1342360+anoadragon453@users.noreply.github.com>2021-03-17 16:51:55 +0000
committerGitHub <noreply@github.com>2021-03-17 16:51:55 +0000
commit7b06f85c0e18b62775f12789fdf4adb6a0a47a4b (patch)
treed0cb45f79946c7600b77ee45e7be197950fde319 /synapse/secrets.py
parentFix up types for the typing handler. (#9638) (diff)
downloadsynapse-7b06f85c0e18b62775f12789fdf4adb6a0a47a4b.tar.xz
Ensure we use a copy of the event content dict before modifying it in serialize_event (#9585)
This bug was discovered by DINUM. We were modifying `serialized_event["content"]`, which - if you've got `USE_FROZEN_DICTS` turned on or are [using a third party rules module](https://github.com/matrix-org/synapse/blob/17cd48fe5171d50da4cb59db647b993168e7dfab/synapse/events/third_party_rules.py#L73-L76) - will raise a 500 if you try to a edit a reply to a message.

`serialized_event["content"]` could be set to the edit event's content, instead of a copy of it, which is bad as we attempt to modify it. Instead, we also end up modifying the original event's content. DINUM uses a third party rules module, which meant the event's content got frozen and thus an exception was raised.

To be clear, the problem is not that the event's content was frozen. In fact doing so helped us uncover the fact we weren't copying event content correctly.
Diffstat (limited to 'synapse/secrets.py')
0 files changed, 0 insertions, 0 deletions