diff options
author | Daniel Gultsch <daniel@gultsch.de> | 2018-11-27 21:13:42 +0100 |
---|---|---|
committer | fiaxh <fiaxh@users.noreply.github.com> | 2018-11-27 21:20:53 +0100 |
commit | 542744ade258a77e6b1984c924f1398f88e5bb83 (patch) | |
tree | d19e81a6a2a7b085360c9dd3ceaf21ac495f5333 | |
parent | 34ab3de0ba541a5c1d7868a3eda73cddeed5859d (diff) | |
download | dino-542744ade258a77e6b1984c924f1398f88e5bb83.tar.gz dino-542744ade258a77e6b1984c924f1398f88e5bb83.zip |
support jpeg pep avatars + actually check hash
-rw-r--r-- | xmpp-vala/src/module/xep/0084_user_avatars.vala | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/xmpp-vala/src/module/xep/0084_user_avatars.vala b/xmpp-vala/src/module/xep/0084_user_avatars.vala index 92ac54e2..8fb9f58d 100644 --- a/xmpp-vala/src/module/xep/0084_user_avatars.vala +++ b/xmpp-vala/src/module/xep/0084_user_avatars.vala @@ -40,7 +40,8 @@ namespace Xmpp.Xep.UserAvatars { public void on_pupsub_event(XmppStream stream, Jid jid, string id, StanzaNode? node) { StanzaNode? info_node = node.get_subnode("info", NS_URI_METADATA); - if (info_node == null || info_node.get_attribute("type") != "image/png") return; + string? type = info_node == null ? null : info_node.get_attribute("type"); + if (type != "image/png" && type != "image/jpeg") return; if (storage.has_image(id)) { stream.get_module(Module.IDENTITY).received_avatar(stream, jid, id); } else { @@ -52,8 +53,16 @@ namespace Xmpp.Xep.UserAvatars { public override string get_id() { return IDENTITY.id; } private void on_pubsub_data_response(XmppStream stream, Jid jid, string? id, StanzaNode? node) { - if (node == null) return; - storage.store(id, Base64.decode(node.get_string_content())); + if (node == null || id == null) { + return; + } + uint8[] image = Base64.decode(node.get_string_content()); + string sha1 = Checksum.compute_for_data(ChecksumType.SHA1, image); + if (sha1 != id) { + warning("sha sum did not match for avatar from "+jid.to_string()+" expected="+id+", actual="+sha1); + return; + } + storage.store(id, image); stream.get_module(Module.IDENTITY).received_avatar(stream, jid, id); } } |