diff options
| author | Linus Jahn <lnj@kaidan.im> | 2023-03-17 17:24:52 +0100 |
|---|---|---|
| committer | Linus Jahn <lnj@kaidan.im> | 2023-03-17 17:24:52 +0100 |
| commit | 55362b2e36f91282ccfbdd2bd5a9bba1d50c2002 (patch) | |
| tree | a0d6193add779507821defb2ebe9e9f8d8405628 /src/base/QXmppStream.cpp | |
| parent | d679ad1c49eeb28be2ac3a75bd7fd1a9be24d483 (diff) | |
| parent | 1cf0a4aff856a1f3cab0f9750ee6b361691350a7 (diff) | |
| download | qxmpp-55362b2e36f91282ccfbdd2bd5a9bba1d50c2002.tar.gz | |
Merge branch '1.5'
Diffstat (limited to 'src/base/QXmppStream.cpp')
| -rw-r--r-- | src/base/QXmppStream.cpp | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/src/base/QXmppStream.cpp b/src/base/QXmppStream.cpp index 0ea87cbd..7c49c762 100644 --- a/src/base/QXmppStream.cpp +++ b/src/base/QXmppStream.cpp @@ -197,7 +197,7 @@ QXmppTask<QXmpp::SendResult> QXmppStream::send(QXmppPacket &&packet, bool &writt /// /// \since QXmpp 1.5 /// -QXmppTask<QXmppStream::IqResult> QXmppStream::sendIq(QXmppIq &&iq) +QXmppTask<QXmppStream::IqResult> QXmppStream::sendIq(QXmppIq &&iq, const QString &to) { using namespace QXmpp; @@ -212,7 +212,7 @@ QXmppTask<QXmppStream::IqResult> QXmppStream::sendIq(QXmppIq &&iq) iq.setId(QXmppUtils::generateStanzaUuid()); } - return sendIq(QXmppPacket(iq), iq.id(), iq.to()); + return sendIq(QXmppPacket(iq), iq.id(), to); } /// @@ -466,10 +466,18 @@ bool QXmppStream::handleIqResponse(const QDomElement &stanza) return false; } - if (auto itr = d->runningIqs.find(stanza.attribute(QStringLiteral("id"))); + const auto id = stanza.attribute(QStringLiteral("id")); + if (auto itr = d->runningIqs.find(id); itr != d->runningIqs.end()) { - if (stanza.attribute("from") != itr.value().jid) { - warning(QStringLiteral("Received IQ response to one of our requests from wrong sender. Ignoring.")); + const auto expectedFrom = itr.value().jid; + // Check that the sender of the response matches the recipient of the request. + // Stanzas coming from the server on behalf of the user's account must have no "from" + // attribute or have it set to the user's bare JID. + // If 'from' is empty, the IQ has been sent by the server. In this case we don't need to + // do the check as we trust the server anyways. + if (const auto from = stanza.attribute("from"); !from.isEmpty() && from != expectedFrom) { + warning(QStringLiteral("Ignored received IQ response to request '%1' because of wrong sender '%2' instead of expected sender '%3'") + .arg(id, from, expectedFrom)); return false; } |