From dfea1730dcb7f75189ede3f8ee71c5421d2aa5ed Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Wed, 3 Sep 2014 12:09:11 +0100
Subject: apidocs: mtime_age > last_active_ago. Presence REST: Sanity check
 values in invite/drop arrays.

---
 synapse/rest/presence.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'synapse/rest')

diff --git a/synapse/rest/presence.py b/synapse/rest/presence.py
index 69be6fe989..5c5adb4236 100644
--- a/synapse/rest/presence.py
+++ b/synapse/rest/presence.py
@@ -125,12 +125,20 @@ class PresenceListRestServlet(RestServlet):
 
         if "invite" in content:
             for u in content["invite"]:
+                if not isinstance(u, basestring):
+                    raise SynapseError(400, "Bad invite value.")
+                if len(u) == 0:
+                    continue
                 invited_user = self.hs.parse_userid(u)
                 deferreds.append(self.handlers.presence_handler.send_invite(
                     observer_user=user, observed_user=invited_user))
 
         if "drop" in content:
             for u in content["drop"]:
+                if not isinstance(u, basestring):
+                    raise SynapseError(400, "Bad drop value.")
+                if len(u) == 0:
+                    continue
                 dropped_user = self.hs.parse_userid(u)
                 deferreds.append(self.handlers.presence_handler.drop(
                     observer_user=user, observed_user=dropped_user))
-- 
cgit 1.4.1