TakeV
/
dino
mirror of https://github.com/TakeV-Lambda/dino.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Reject non-TLS URLs in HTTP File Upload (#1098) 

* Reject non-TLS URLs in HTTP File Upload

This is a MUST in the XEP.

* Update 0363_http_file_upload.vala

Co-authored-by: fiaxh <fiaxh@users.noreply.github.com>
This commit is contained in:
linkmauve 2021-11-28 22:54:48 +01:00 committed by GitHub
parent e7500138a9
commit 905f93bccc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
xmpp-vala/src/module/xep/0363_http_file_upload.vala
View File

@ -72,6 +72,11 @@ public class Module : XmppStreamModule {
Idle.add((owned) callback);
return;
}
if (!url_get.down().has_prefix("https://") || !url_put.down().has_prefix("https://")) {
e = new HttpFileTransferError.SLOT_REQUEST("Error getting upload/download url: Received non-https URL from server");
Idle.add((owned) callback);
return;
}
slot_result.headers = new HashMap<string, string>();