diff options
author | Daniel Gultsch <daniel.gultsch@rwth-aachen.de> | 2014-05-03 17:07:37 +0200 |
---|---|---|
committer | Daniel Gultsch <daniel.gultsch@rwth-aachen.de> | 2014-05-03 17:07:37 +0200 |
commit | 4822d4dce7c8110c76dece28ccc2b3dd98698b97 (patch) | |
tree | 010a3b096a50ef17a525ab5e4a0e2076ecb7f490 | |
parent | be2f7e047a488d5ca7de04dfa5437c290882274e (diff) |
allow roster pushes only from bare jid or null
-rw-r--r-- | src/eu/siacs/conversations/services/XmppConnectionService.java | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/eu/siacs/conversations/services/XmppConnectionService.java b/src/eu/siacs/conversations/services/XmppConnectionService.java index 70d5fc03a..d554c5041 100644 --- a/src/eu/siacs/conversations/services/XmppConnectionService.java +++ b/src/eu/siacs/conversations/services/XmppConnectionService.java @@ -377,12 +377,14 @@ public class XmppConnectionService extends Service { @Override public void onIqPacketReceived(Account account, IqPacket packet) { - if (packet.hasChild("query")) { - Element query = packet.findChild("query"); - String xmlns = query.getAttribute("xmlns"); - if ((xmlns != null) && (xmlns.equals("jabber:iq:roster"))) { + if (packet.hasChild("query","jabber:iq:roster")) { + String from = packet.getFrom(); + if ((from==null)||(from.equals(account.getJid()))) { + Element query = packet.findChild("query"); processRosterItems(account, query); mergePhoneContactsWithRoster(null); + } else { + Log.d(LOGTAG,"unauthorized roster push from: "+from); } } else if (packet .hasChild("open", "http://jabber.org/protocol/ibb") |