From 59a361449dfaa01d2f8fbf48f183549e375dd1b0 Mon Sep 17 00:00:00 2001 From: ansuz Date: Mon, 30 Sep 2019 14:56:16 +0200 Subject: [PATCH] don't allow deletion of displayName or notifications via describe command --- www/common/outer/roster.js | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/www/common/outer/roster.js b/www/common/outer/roster.js index 0f446706e..ca7c48554 100644 --- a/www/common/outer/roster.js +++ b/www/common/outer/roster.js @@ -245,12 +245,22 @@ var factory = function (Util, Hash, CPNetflux, Sortify, nThen, Crypto) { // throw if they're trying to upgrade to something greater if (!canAddRole(author, data.role, members)) { throw new Error("INSUFFICIENT_PERMISSIONS"); } } - // DESCRIBE commands must initialize a displayName if it isn't already present - if (typeof(current.displayName) !== 'string' && typeof(data.displayName) !== 'string') { throw new Error('DISPLAYNAME_REQUIRED'); } + if (typeof(current.displayName) !== 'string' && typeof(data.displayName) !== 'string') { + throw new Error('DISPLAYNAME_REQUIRED'); + } + + if (['undefined', 'string'].indexOf(typeof(data.displayName)) === -1) { + throw new Error("INVALID_DISPLAYNAME"); + } // DESCRIBE commands must initialize a mailbox channel if it isn't already present - if (typeof(current.notifications) !== 'string' && typeof(data.displayName) !== 'string') { throw new Error('NOTIFICATIONS_REQUIRED'); } + if (typeof(current.notifications) !== 'string' && typeof(data.notifications) !== 'string') { + throw new Error('NOTIFICATIONS_REQUIRED'); + } + if (['undefined', 'string'].indexOf(typeof(data.notifications)) === -1) { + throw new Error("INVALID_NOTIFICATIONS"); + } }); var changed = false;