From b6ee0585bd0329e1841196b8e8a893630e1850d6 Mon Sep 17 00:00:00 2001
From: Kegan Dougal
Date: Mon, 20 Jul 2015 13:55:19 +0100
Subject: Parse the ID given to /invite|ban|kick to make sure it looks like a user ID.
---
 synapse/rest/client/v1/room.py | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'synapse/rest/client/v1/room.py')
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index 0346afb1b4..639795df28 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -412,6 +412,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
 if "user_id" not in content:
 raise SynapseError(400, "Missing user_id key.")
 state_key = content["user_id"]
+ # make sure it looks like a user ID; it'll throw if it's invalid.
+ UserID.from_string(state_key);
 if membership_action == "kick":
 membership_action = "leave"
-- cgit 1.4.1
From ddef5ea1267e3ec2df95b4811f1f59755a35639f Mon Sep 17 00:00:00 2001
From: Kegan Dougal
Date: Mon, 20 Jul 2015 14:02:36 +0100
Subject: Remove semicolon.
---
 synapse/rest/client/v1/room.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'synapse/rest/client/v1/room.py')
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index 639795df28..b4a70cba99 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -413,7 +413,7 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
 raise SynapseError(400, "Missing user_id key.")
 state_key = content["user_id"]
 # make sure it looks like a user ID; it'll throw if it's invalid.
- UserID.from_string(state_key);
+ UserID.from_string(state_key)
 if membership_action == "kick":
 membership_action = "leave"
-- cgit 1.4.1
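Review bot: In the first patch's hunk (room.py, `@@ -412,6 +412,8`), `UserID.from_string(state_key)` receives whatever JSON value the client sent under `user_id`, and the only check before it is that the key is present. If that value is not a string, or is an empty string, the parser may fail with something other than the intended 400 (from_string is not shown here, so this is inferred); a guard such as `if not isinstance(state_key, basestring): raise SynapseError(400, "user_id must be a string.")` ahead of the call would keep malformed input a client error rather than a server fault. The added comment could also say which exception is raised and with what status code, since the parsed result is deliberately discarded. The enclosing handler begins and ends outside the hunk, and the diffstat lists only room.py, so no test for a rejected ID on invite, ban or kick accompanies the change.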