diff options
author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2019-12-12 15:53:49 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-12-12 15:53:49 +0000 |
commit | 5bfd8855d6b9ed8bcf28a107e6654c7cd7d3da2b (patch) | |
tree | 3346709c352158cd47c9d62fc141816fdff819e9 /synapse/storage | |
parent | Check the room_id of events when fetching room state/auth (#6524) (diff) | |
download | synapse-5bfd8855d6b9ed8bcf28a107e6654c7cd7d3da2b.tar.xz |
Fix redacted events being returned in search results ordered by "recent" (#6522)
Diffstat (limited to 'synapse/storage')
-rw-r--r-- | synapse/storage/data_stores/main/search.py | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/synapse/storage/data_stores/main/search.py b/synapse/storage/data_stores/main/search.py index dfb46ee0f8..47ebb8a214 100644 --- a/synapse/storage/data_stores/main/search.py +++ b/synapse/storage/data_stores/main/search.py @@ -385,7 +385,7 @@ class SearchStore(SearchBackgroundUpdateStore): """ clauses = [] - search_query = search_query = _parse_query(self.database_engine, search_term) + search_query = _parse_query(self.database_engine, search_term) args = [] @@ -501,7 +501,7 @@ class SearchStore(SearchBackgroundUpdateStore): """ clauses = [] - search_query = search_query = _parse_query(self.database_engine, search_term) + search_query = _parse_query(self.database_engine, search_term) args = [] @@ -606,7 +606,12 @@ class SearchStore(SearchBackgroundUpdateStore): results = list(filter(lambda row: row["room_id"] in room_ids, results)) - events = yield self.get_events_as_list([r["event_id"] for r in results]) + # We set redact_behaviour to BLOCK here to prevent redacted events being returned in + # search results (which is a data leak) + events = yield self.get_events_as_list( + [r["event_id"] for r in results], + redact_behaviour=EventRedactBehaviour.BLOCK, + ) event_map = {ev.event_id: ev for ev in events} |