aboutsummaryrefslogtreecommitdiff
path: root/xmpp-vala
diff options
context:
space:
mode:
authorlinkmauve <linkmauve@linkmauve.fr>2021-11-28 22:54:48 +0100
committerGitHub <noreply@github.com>2021-11-28 22:54:48 +0100
commit905f93bcccd26a035cc9d37378b45ff87298adb5 (patch)
treecf291a1ef970e87f08f24a5228c8b622d18989d3 /xmpp-vala
parente7500138a97500e155f6f7435c29874e1391b318 (diff)
downloaddino-905f93bcccd26a035cc9d37378b45ff87298adb5.tar.gz
dino-905f93bcccd26a035cc9d37378b45ff87298adb5.zip
Reject non-TLS URLs in HTTP File Upload (#1098)
* Reject non-TLS URLs in HTTP File Upload This is a MUST in the XEP. * Update 0363_http_file_upload.vala Co-authored-by: fiaxh <fiaxh@users.noreply.github.com>
Diffstat (limited to 'xmpp-vala')
-rw-r--r--xmpp-vala/src/module/xep/0363_http_file_upload.vala5
1 files changed, 5 insertions, 0 deletions
diff --git a/xmpp-vala/src/module/xep/0363_http_file_upload.vala b/xmpp-vala/src/module/xep/0363_http_file_upload.vala
index 0acc9602..996128e2 100644
--- a/xmpp-vala/src/module/xep/0363_http_file_upload.vala
+++ b/xmpp-vala/src/module/xep/0363_http_file_upload.vala
@@ -72,6 +72,11 @@ public class Module : XmppStreamModule {
Idle.add((owned) callback);
return;
}
+ if (!url_get.down().has_prefix("https://") || !url_put.down().has_prefix("https://")) {
+ e = new HttpFileTransferError.SLOT_REQUEST("Error getting upload/download url: Received non-https URL from server");
+ Idle.add((owned) callback);
+ return;
+ }
slot_result.headers = new HashMap<string, string>();