Mercurial > pidgin
comparison libpurple/protocols/jabber/iq.c @ 17884:feac55968392
Now all ad-hoc commands have to be sent through jabber_adhoc_execute to be properly executed (including the form steps). This cleans up the code a bit, and avoids DOS attacks by flooding the client with malicious ad-hoc command forms that were not requested.
| author | Andreas Monitzer <pidgin@monitzer.com> |
|---|---|
| date | Mon, 25 Jun 2007 20:07:31 +0000 |
| parents | 43df07968000 |
| children | 5c1ed6296b56 |
comparison
equal
deleted
inserted
replaced
| 17883:9a19c46adf66 | 17884:feac55968392 |
|---|---|
| 290 if(xmlnode_get_child_with_namespace(packet, "new-mail", "google:mail:notify")) { | 290 if(xmlnode_get_child_with_namespace(packet, "new-mail", "google:mail:notify")) { |
| 291 jabber_gmail_poke(js, packet); | 291 jabber_gmail_poke(js, packet); |
| 292 return; | 292 return; |
| 293 } | 293 } |
| 294 | 294 |
| 295 if(xmlnode_get_child_with_namespace(packet, "command", "http://jabber.org/protocol/commands")) { | |
| 296 jabber_adhoc_parse(js, packet); | |
| 297 return; | |
| 298 } | |
| 299 | |
| 300 purple_debug_info("jabber", "jabber_iq_parse\n"); | 295 purple_debug_info("jabber", "jabber_iq_parse\n"); |
| 301 | 296 |
| 302 if(xmlnode_get_child_with_namespace(packet, "ping", "http://www.xmpp.org/extensions/xep-0199.html#ns")) { | 297 if(xmlnode_get_child_with_namespace(packet, "ping", "http://www.xmpp.org/extensions/xep-0199.html#ns")) { |
| 303 jabber_ping_parse(js, packet); | 298 jabber_ping_parse(js, packet); |
| 304 return; | 299 return; |