Skip to content

O
Openfire
Commit 3795fd14 authored by guus's avatar guus
Browse files
Options

OF-624: Added some defensive coding fragments (utilizing TINDER-68) that helps... 

OF-624: Added some defensive coding fragments (utilizing TINDER-68) that helps to prevent generating illegal JIDs.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13513 b35dd754-fafc-0310-a699-88a17e54d16e
parent ab6789ea
Show whitespace changes
Inline Side-by-side
Showing with 68 additions and 61 deletions
src/java/org/jivesoftware/openfire/MessageRouter.java
View file @ 3795fd14
......@@ -188,16 +188,16 @@ public class MessageRouter extends BasicModule {
}
/**
* Notification message indicating that a packet has failed to be routed to the receipient.
* Notification message indicating that a packet has failed to be routed to the recipient.
*
* @param receipient address of the entity that failed to receive the packet.
* @param packet Message packet that failed to be sent to the receipient.
* @param recipient address of the entity that failed to receive the packet.
* @param packet Message packet that failed to be sent to the recipient.
*/
public void routingFailed(JID receipient, Packet packet) {
public void routingFailed(JID recipient, Packet packet) {
// If message was sent to an unavailable full JID of a user then retry using the bare JID
if (serverName.equals(receipient.getDomain()) && receipient.getResource() != null &&
userManager.isRegisteredUser(receipient.getNode())) {
routingTable.routePacket(new JID(receipient.toBareJID()), packet, false);
if (serverName.equals(recipient.getDomain()) && recipient.getResource() != null &&
userManager.isRegisteredUser(recipient.getNode())) {
routingTable.routePacket(recipient.asBareJID(), packet, false);
} else {
// Just store the message offline
messageStrategy.storeOffline((Message) packet);
......
src/java/org/jivesoftware/openfire/SessionManager.java
View file @ 3795fd14
......@@ -664,7 +664,7 @@ public class SessionManager extends BasicModule implements ClusterEventListener
}
// Check presence's priority of other available resources
JID searchJID = new JID(session.getAddress().toBareJID());
JID searchJID = session.getAddress().asBareJID();
for (JID address : routingTable.getRoutes(searchJID, null)) {
if (address.equals(session.getAddress())) {
continue;
......
src/java/org/jivesoftware/openfire/admin/AdminManager.java
View file @ 3795fd14
......@@ -187,7 +187,7 @@ public class AdminManager {
if (adminList == null) {
loadAdminList();
}
JID bareJID = new JID(jid.toBareJID());
JID bareJID = jid.asBareJID();
if (adminList.contains(bareJID)) {
// Already have them.
return;
......@@ -228,7 +228,7 @@ public class AdminManager {
loadAdminList();
}
JID bareJID = new JID(jid.toBareJID());
JID bareJID = jid.asBareJID();
if (!adminList.contains(bareJID)) {
return;
}
......@@ -270,7 +270,7 @@ public class AdminManager {
if (allowAdminIfEmpty && adminList.isEmpty()) {
return "admin".equals(jid.getNode());
}
JID bareJID = new JID(jid.toBareJID());
JID bareJID = jid.asBareJID();
return adminList.contains(bareJID);
}
......@@ -325,7 +325,9 @@ public class AdminManager {
List<JID> admins = new ArrayList<JID>();
for (JID jid : jids)
{
admins.add(new JID(jid.toBareJID()));
if (jid != null) {
admins.add(jid.asBareJID());
}
}
adminList.addAll(admins);
provider.setAdmins(admins);
......
src/java/org/jivesoftware/openfire/clearspace/ClearspaceMUCEventDelegate.java
View file @ 3795fd14
......@@ -109,7 +109,7 @@ public class ClearspaceMUCEventDelegate extends MUCEventDelegate {
// Always allow an owner to join the room (especially since they need to join to configure the
// room on initial creation).
Collection<JID> owners = room.getOwners();
if (owners != null && owners.contains(new JID(userjid.toBareJID()))) {
if (owners != null && owners.contains(userjid.asBareJID())) {
return true;
}
......
src/java/org/jivesoftware/openfire/group/Group.java
View file @ 3795fd14
......@@ -260,7 +260,7 @@ public class Group implements Cacheable, Externalizable {
public boolean isUser(JID user) {
// Make sure that we are always checking bare JIDs
if (user != null && user.getResource() != null) {
user = new JID(user.toBareJID());
user = user.asBareJID();
}
return user != null && (members.contains(user) || administrators.contains(user));
}
......
src/java/org/jivesoftware/openfire/handler/IQOfflineMessagesHandler.java
View file @ 3795fd14
......@@ -180,7 +180,7 @@ public class IQOfflineMessagesHandler extends IQHandler implements ServerFeature
stopOfflineFlooding(senderJID);
List<DiscoItem> answer = new ArrayList<DiscoItem>();
for (OfflineMessage offlineMessage : messageStore.getMessages(senderJID.getNode(), false)) {
answer.add(new DiscoItem(new JID(senderJID.toBareJID()), offlineMessage.getFrom().toString(),
answer.add(new DiscoItem(senderJID.asBareJID(), offlineMessage.getFrom().toString(),
XMPPDateTimeFormat.format(offlineMessage.getCreationDate()), null));
}
......
src/java/org/jivesoftware/openfire/handler/PresenceSubscribeHandler.java
View file @ 3795fd14
......@@ -209,8 +209,7 @@ public class PresenceSubscribeHandler extends BasicModule implements ChannelHand
if (type == Presence.Type.subscribed) {
// Send the presence of the local user to the remote user. The remote user
// subscribed to the presence of the local user and the local user accepted
JID prober = localServer.isLocal(recipientJID) ?
new JID(recipientJID.toBareJID()) : recipientJID;
JID prober = localServer.isLocal(recipientJID) ? recipientJID.asBareJID() : recipientJID;
presenceManager.probePresence(prober, senderJID);
PresenceEventDispatcher.subscribedToPresence(recipientJID, senderJID);
}
......
src/java/org/jivesoftware/openfire/handler/PresenceUpdateHandler.java
View file @ 3795fd14
......@@ -243,10 +243,10 @@ public class PresenceUpdateHandler extends BasicModule implements ChannelHandler
for (RosterItem item : roster.getRosterItems()) {
if (item.getRecvStatus() == RosterItem.RECV_SUBSCRIBE) {
session.process(createSubscribePresence(item.getJid(),
new JID(session.getAddress().toBareJID()), true));
session.getAddress().asBareJID(), true));
} else if (item.getRecvStatus() == RosterItem.RECV_UNSUBSCRIBE) {
session.process(createSubscribePresence(item.getJid(),
new JID(session.getAddress().toBareJID()), false));
session.getAddress().asBareJID(), false));
}
if (item.getSubStatus() == RosterItem.SUB_TO
|| item.getSubStatus() == RosterItem.SUB_BOTH) {
......
src/java/org/jivesoftware/openfire/muc/MUCEventDelegate.java
View file @ 3795fd14
......@@ -116,7 +116,9 @@ public abstract class MUCEventDelegate {
if (property != null) {
String jids[] = property.split(",");
for (String jid : jids) {
room.addFirstOwner(new JID(new JID(jid.trim().toLowerCase()).toBareJID()));
if (jid != null && jid.trim().length() != 0) {
room.addFirstOwner(new JID(jid.trim().toLowerCase()).asBareJID());
}
}
}
......
src/java/org/jivesoftware/openfire/muc/cluster/AddMember.java
View file @ 3795fd14
......@@ -43,13 +43,13 @@ public class AddMember extends MUCRoomTask {
public AddMember(LocalMUCRoom room, JID bareJID, String nickname) {
super(room);
this.bareJID = new JID(bareJID.toBareJID());
this.bareJID = bareJID.asBareJID();
this.nickname = nickname;
}
public AddMember(LocalMUCRoom room, String bareJID, String nickname) {
super(room);
this.bareJID = new JID(new JID(bareJID).toBareJID());
this.bareJID = new JID(bareJID).asBareJID();
this.nickname = nickname;
}
......
src/java/org/jivesoftware/openfire/muc/spi/IQOwnerHandler.java
View file @ 3795fd14
......@@ -380,7 +380,9 @@ public class IQOwnerHandler {
for (String value : field.getValues()) {
// XEP-0045: "Affiliations are granted, revoked, and
// maintained based on the user's bare JID, (...)"
admins.add(new JID(new JID(value).toBareJID()));
if (value != null && value.trim().length() != 0) {
admins.add(new JID(value.trim()).asBareJID());
}
}
}
......@@ -392,7 +394,9 @@ public class IQOwnerHandler {
for(String value : field.getValues()) {
// XEP-0045: "Affiliations are granted, revoked, and
// maintained based on the user's bare JID, (...)"
owners.add(new JID(new JID(value).toBareJID()));
if (value != null && value.trim().length() != 0) {
owners.add(new JID(value.trim()).asBareJID());
}
}
}
......
src/java/org/jivesoftware/openfire/muc/spi/LocalMUCRoom.java
View file @ 3795fd14
......@@ -475,7 +475,7 @@ public class LocalMUCRoom implements MUCRoom {
}
public String getReservedNickname(JID jid) {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
String answer = members.get(bareJID);
if (answer == null || answer.trim().length() == 0) {
return null;
......@@ -484,7 +484,7 @@ public class LocalMUCRoom implements MUCRoom {
}
public MUCRole.Affiliation getAffiliation(JID jid) {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
if (owners.contains(bareJID)) {
return MUCRole.Affiliation.owner;
......@@ -519,7 +519,7 @@ public class LocalMUCRoom implements MUCRoom {
if (isDestroyed || (getMaxUsers() > 0 && getOccupantsCount() >= getMaxUsers())) {
throw new ServiceUnavailableException();
}
final JID bareJID = new JID(user.getAddress().toBareJID());
final JID bareJID = user.getAddress().asBareJID();
boolean isOwner = owners.contains(bareJID);
// If the room is locked and this user is not an owner raise a RoomLocked exception
if (isLocked()) {
......@@ -737,7 +737,7 @@ public class LocalMUCRoom implements MUCRoom {
// Add the new user as an occupant of this room
occupants.put(event.getNickname().toLowerCase(), joinRole);
// Update the tables of occupants based on the bare and full JID
JID bareJID = new JID(event.getUserAddress().toBareJID());
JID bareJID = event.getUserAddress().asBareJID();
List<MUCRole> list = occupantsByBareJID.get(bareJID);
if (list == null) {
list = new ArrayList<MUCRole>();
......@@ -858,7 +858,7 @@ public class LocalMUCRoom implements MUCRoom {
// Notify the user that he/she is no longer in the room
leaveRole.destroy();
// Update the tables of occupants based on the bare and full JID
JID bareJID = new JID(userAddress.toBareJID());
JID bareJID = userAddress.asBareJID();
List<MUCRole> list = occupantsByBareJID.get(bareJID);
if (list != null) {
list.remove(leaveRole);
......@@ -1225,7 +1225,7 @@ public class LocalMUCRoom implements MUCRoom {
* nothing if the given jid is not present in the room. If the user has joined the room from
* several client resources, all his/her occupants' presences will be updated.
*
* @param bareJID the bare jid of the user to update his/her role.
* @param jid the bare jid of the user to update his/her role.
* @param newAffiliation the new affiliation for the JID.
* @param newRole the new role for the JID.
* @return the list of updated presences of all the client resources that the client used to
......@@ -1237,7 +1237,7 @@ public class LocalMUCRoom implements MUCRoom {
throws NotAllowedException {
List<Presence> presences = new ArrayList<Presence>();
// Get all the roles (i.e. occupants) of this user based on his/her bare JID
JID bareJID = new JID(jid.toBareJID());
JID bareJID = jid.asBareJID();
List<MUCRole> roles = occupantsByBareJID.get(bareJID);
if (roles == null) {
return presences;
......@@ -1312,11 +1312,11 @@ public class LocalMUCRoom implements MUCRoom {
}
public void addFirstOwner(JID bareJID) {
owners.add(new JID(bareJID.toBareJID()));
owners.add( bareJID.asBareJID() );
}
public List<Presence> addOwner(JID jid, MUCRole sendRole) throws ForbiddenException {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
lock.writeLock().lock();
try {
MUCRole.Affiliation oldAffiliation = MUCRole.Affiliation.none;
......@@ -1362,12 +1362,12 @@ public class LocalMUCRoom implements MUCRoom {
}
private boolean removeOwner(JID jid) {
return owners.remove(new JID(jid.toBareJID()));
return owners.remove(jid.asBareJID());
}
public List<Presence> addAdmin(JID jid, MUCRole sendRole) throws ForbiddenException,
ConflictException {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
lock.writeLock().lock();
try {
MUCRole.Affiliation oldAffiliation = MUCRole.Affiliation.none;
......@@ -1417,12 +1417,12 @@ public class LocalMUCRoom implements MUCRoom {
}
private boolean removeAdmin(JID bareJID) {
return admins.remove(new JID(bareJID.toBareJID()));
return admins.remove( bareJID.asBareJID() );
}
public List<Presence> addMember(JID jid, String nickname, MUCRole sendRole)
throws ForbiddenException, ConflictException {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
lock.writeLock().lock();
try {
MUCRole.Affiliation oldAffiliation = (members.containsKey(bareJID) ?
......@@ -1489,7 +1489,7 @@ public class LocalMUCRoom implements MUCRoom {
}
private boolean removeMember(JID jid) {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
boolean answer = members.containsKey(bareJID);
members.remove(bareJID);
return answer;
......@@ -1497,7 +1497,7 @@ public class LocalMUCRoom implements MUCRoom {
public List<Presence> addOutcast(JID jid, String reason, MUCRole senderRole)
throws NotAllowedException, ForbiddenException, ConflictException {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
lock.writeLock().lock();
try {
MUCRole.Affiliation oldAffiliation = MUCRole.Affiliation.none;
......@@ -1566,12 +1566,12 @@ public class LocalMUCRoom implements MUCRoom {
}
private boolean removeOutcast(JID bareJID) {
return outcasts.remove(new JID(bareJID.toBareJID()));
return outcasts.remove( bareJID.asBareJID() );
}
public List<Presence> addNone(JID jid, MUCRole senderRole) throws ForbiddenException,
ConflictException {
final JID bareJID = new JID(jid.toBareJID());
final JID bareJID = jid.asBareJID();
List<Presence> updatedPresences = Collections.emptyList();
boolean wasMember = false;
lock.writeLock().lock();
......@@ -2258,7 +2258,7 @@ public class LocalMUCRoom implements MUCRoom {
throws ForbiddenException, ConflictException {
List<Presence> answer = new ArrayList<Presence>(newAdmins.size());
for (JID newAdmin : newAdmins) {
final JID bareJID = new JID(newAdmin.toBareJID());
final JID bareJID = newAdmin.asBareJID();
if (!admins.contains(bareJID)) {
answer.addAll(addAdmin(bareJID, senderRole));
}
......@@ -2270,7 +2270,7 @@ public class LocalMUCRoom implements MUCRoom {
throws ForbiddenException {
List<Presence> answer = new ArrayList<Presence>(newOwners.size());
for (JID newOwner : newOwners) {
final JID bareJID = new JID(newOwner.toBareJID());
final JID bareJID = newOwner.asBareJID();
if (!owners.contains(newOwner)) {
answer.addAll(addOwner(bareJID, senderRole));
}
......
src/java/org/jivesoftware/openfire/muc/spi/MultiUserChatServiceImpl.java
View file @ 3795fd14
......@@ -540,7 +540,7 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService
else {
// The room does not exist so check for creation permissions
// Room creation is always allowed for sysadmin
final JID bareJID = new JID(userjid.toBareJID());
final JID bareJID = userjid.asBareJID();
if (isRoomCreationRestricted() && !sysadmins.contains(bareJID)) {
// The room creation is only allowed for certain JIDs
if (!allowedToCreate.contains(bareJID)) {
......@@ -809,7 +809,7 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService
}
public void addSysadmin(JID userJID) {
final JID bareJID = new JID(userJID.toBareJID());
final JID bareJID = userJID.asBareJID();
sysadmins.add(bareJID);
......@@ -827,7 +827,7 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService
}
public void removeSysadmin(JID userJID) {
final JID bareJID = new JID(userJID.toBareJID());
final JID bareJID = userJID.asBareJID();
sysadmins.remove(bareJID);
......@@ -947,7 +947,7 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService
continue;
}
try {
sysadmins.add(new JID(new JID(jid.trim().toLowerCase()).toBareJID()));
sysadmins.add(new JID(jid.trim().toLowerCase()).asBareJID());
} catch (IllegalArgumentException e) {
Log.warn("The 'sysadmin.jid' property contains a value that is not a valid JID. It is ignored. Offending value: '" + jid + "'.", e);
}
......@@ -967,7 +967,7 @@ public class MultiUserChatServiceImpl implements Component, MultiUserChatService
continue;
}
try {
allowedToCreate.add(new JID(new JID(jid.trim().toLowerCase()).toBareJID()));
allowedToCreate.add(new JID(jid.trim().toLowerCase()).asBareJID());
} catch (IllegalArgumentException e) {
Log.warn("The 'create.jid' property contains a value that is not a valid JID. It is ignored. Offending value: '" + jid + "'.", e);
}
......
src/java/org/jivesoftware/openfire/pubsub/Node.java
View file @ 3795fd14
......@@ -1191,7 +1191,7 @@ public abstract class Node {
}
// Check if we should try again but using the bare JID
if (user.getResource() != null) {
user = new JID(user.toBareJID());
user = user.asBareJID();
return isAdmin(user);
}
return false;
......
src/java/org/jivesoftware/openfire/pubsub/PubSubEngine.java
View file @ 3795fd14
......@@ -289,7 +289,7 @@ public class PubSubEngine {
// Process Messages of type error to identify possible subscribers that no longer exist
if (message.getError().getType() == PacketError.Type.cancel) {
// TODO Assuming that owner is the bare JID (as defined in the JEP). This can be replaced with an explicit owner specified in the packet
JID owner = new JID(message.getFrom().toBareJID());
JID owner = message.getFrom().asBareJID();
// Terminate the subscription of the entity to all nodes hosted at the service
cancelAllSubscriptions(service, owner);
}
......@@ -334,7 +334,7 @@ public class PubSubEngine {
JID from = iq.getFrom();
// TODO Assuming that owner is the bare JID (as defined in the JEP). This can be replaced with an explicit owner specified in the packet
JID owner = new JID(from.toBareJID());
JID owner = from.asBareJID();
if (!node.getPublisherModel().canPublish(node, owner) && !service.isServiceAdmin(owner)) {
// Entity does not have sufficient privileges to publish to node
sendErrorPacket(iq, PacketError.Condition.forbidden, null);
......@@ -518,7 +518,7 @@ public class PubSubEngine {
return;
}
// TODO Assumed that the owner of the subscription is the bare JID of the subscription JID. Waiting StPeter answer for explicit field.
JID owner = new JID(subscriberJID.toBareJID());
JID owner = subscriberJID.asBareJID();
// Check if the node's access model allows the subscription to proceed
AccessModel accessModel = node.getAccessModel();
if (!accessModel.canSubscribe(node, owner, subscriberJID)) {
......@@ -869,7 +869,7 @@ public class PubSubEngine {
private void getSubscriptions(PubSubService service, IQ iq, Element childElement) {
// TODO Assuming that owner is the bare JID (as defined in the JEP). This can be replaced with an explicit owner specified in the packet
JID owner = new JID(iq.getFrom().toBareJID());
JID owner = iq.getFrom().asBareJID();
Element subscriptionsElement = childElement.element("subscriptions");
String nodeID = subscriptionsElement.attributeValue("node");
......@@ -913,7 +913,7 @@ public class PubSubEngine {
private void getAffiliations(PubSubService service, IQ iq, Element childElement) {
// TODO Assuming that owner is the bare JID (as defined in the JEP). This can be replaced with an explicit owner specified in the packet
JID owner = new JID(iq.getFrom().toBareJID());
JID owner = iq.getFrom().asBareJID();
// Collect affiliations of owner for all nodes at the service
Collection<NodeAffiliate> affiliations = new ArrayList<NodeAffiliate>();
for (Node node : service.getNodes()) {
......@@ -978,7 +978,7 @@ public class PubSubEngine {
// Check if sender and subscriber JIDs match or if a valid "trusted proxy" is being used
JID subscriberJID = iq.getFrom();
// TODO Assumed that the owner of the subscription is the bare JID of the subscription JID. Waiting StPeter answer for explicit field.
JID owner = new JID(subscriberJID.toBareJID());
JID owner = subscriberJID.asBareJID();
// Check if the node's access model allows the subscription to proceed
AccessModel accessModel = node.getAccessModel();
if (!accessModel.canAccessItems(node, owner, subscriberJID)) {
......@@ -1193,7 +1193,7 @@ public class PubSubEngine {
Node newNode = null;
try {
// TODO Assumed that the owner of the subscription is the bare JID of the subscription JID. Waiting StPeter answer for explicit field.
JID owner = new JID(from.toBareJID());
JID owner = from.asBareJID();
synchronized (newNodeID.intern()) {
if (service.getNode(newNodeID) == null) {
// Create the node
......@@ -1447,7 +1447,7 @@ public class PubSubEngine {
Element entity = (Element) it.next();
JID subscriber = new JID(entity.attributeValue("jid"));
// TODO Assumed that the owner of the subscription is the bare JID of the subscription JID. Waiting StPeter answer for explicit field.
JID owner = new JID(subscriber.toBareJID());
JID owner = subscriber.asBareJID();
String subStatus = entity.attributeValue("subscription");
String subID = entity.attributeValue("subid");
// Process subscriptions changes
......
src/java/org/jivesoftware/openfire/webdav/WebDAVLiteServlet.java
View file @ 3795fd14
......@@ -156,7 +156,7 @@ public class WebDAVLiteServlet extends HttpServlet {
if (!username.contains("@")) {
throw new Exception("Not a valid JID.");
}
final JID bareJID = new JID(new JID(username).toBareJID());
final JID bareJID = new JID(username).asBareJID();
XMPPServer.getInstance().getMultiUserChatManager().getMultiUserChatService(service).getChatRoom(room).getOccupantsByBareJID(bareJID);
return true;
}
......
src/web/muc-create-permission.jsp
View file @ 3795fd14
......@@ -82,7 +82,7 @@
try {
if (userJID != null && userJID.trim().length() > 0) {
// do validation
bareJID = new JID(new JID(userJID.trim()).toBareJID());
bareJID = new JID(userJID.trim()).asBareJID();
}
} catch (java.lang.IllegalArgumentException ex) {
errors.put("userJID","userJID");
......
src/web/muc-room-edit-form.jsp
View file @ 3795fd14
......@@ -148,7 +148,7 @@
try {
room = webManager.getMultiUserChatManager().getMultiUserChatService(roomJID).getChatRoom(roomName, address);
// Check if the room was created concurrently by another user
if (!room.getOwners().contains(new JID(address.toBareJID()))) {
if (!room.getOwners().contains(address.asBareJID())) {
errors.put("room_already_exists", "room_already_exists");
}
}
......
src/web/muc-sysadmins.jsp
View file @ 3795fd14
......@@ -51,7 +51,7 @@
JID bareJID = null;
try {
// do validation
bareJID = new JID(new JID(userJID).toBareJID());
bareJID = new JID(userJID).asBareJID();
} catch (IllegalArgumentException e) {
errors.put("userJID","userJID");
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Technounit-GROUP 2023