author | Kegan Dougal <kegan@matrix.org> | 2015-07-20 13:55:19 +0100 |
---|---|---|
committer | Kegan Dougal <kegan@matrix.org> | 2015-07-20 13:55:19 +0100 |
commit | b6ee0585bd0329e1841196b8e8a893630e1850d6 (patch) | |
tree | ff4f0d2ecb2d930e7feb1145dc70ed53f5c5e27e /synapse | |
parent | Up default cache size for _RoomStreamChangeCache (diff) | |
Parse the ID given to /invite|ban|kick to make sure it looks like a user ID.
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/rest/client/v1/room.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index 0346afb1b4..639795df28 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -412,6 +412,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
 if "user_id" not in content:
 raise SynapseError(400, "Missing user_id key.")
 state_key = content["user_id"]
+ # make sure it looks like a user ID; it'll throw if it's invalid.
+ UserID.from_string(state_key);
 if membership_action == "kick":
 membership_action = "leave" |
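Review bot: The added `UserID.from_string(state_key);` receives `content["user_id"]` straight from the request body, and nothing visible in the hunk checks that the value is a string before it is parsed. `from_string` is not shown here, but if it indexes or measures its argument, a JSON number or object would presumably surface as an unhandled exception (a 500) rather than the intended 400. A guard ahead of the parse would close that gap, e.g. `if not isinstance(state_key, basestring): raise SynapseError(400, "user_id must be a string.")` (`str` on Python 3). The trailing `;` on the new call should also be dropped, and the comment could name the exception and status code that callers will see. The enclosing method starts and ends outside the hunk, so any later use of `state_key` could not be checked.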