allow roster pushes only from bare jid or null

This commit is contained in:
Daniel Gultsch 2014-05-03 17:07:37 +02:00
parent be2f7e047a
commit 4822d4dce7

View file

@ -377,12 +377,14 @@ public class XmppConnectionService extends Service {
@Override @Override
public void onIqPacketReceived(Account account, IqPacket packet) { public void onIqPacketReceived(Account account, IqPacket packet) {
if (packet.hasChild("query")) { if (packet.hasChild("query","jabber:iq:roster")) {
Element query = packet.findChild("query"); String from = packet.getFrom();
String xmlns = query.getAttribute("xmlns"); if ((from==null)||(from.equals(account.getJid()))) {
if ((xmlns != null) && (xmlns.equals("jabber:iq:roster"))) { Element query = packet.findChild("query");
processRosterItems(account, query); processRosterItems(account, query);
mergePhoneContactsWithRoster(null); mergePhoneContactsWithRoster(null);
} else {
Log.d(LOGTAG,"unauthorized roster push from: "+from);
} }
} else if (packet } else if (packet
.hasChild("open", "http://jabber.org/protocol/ibb") .hasChild("open", "http://jabber.org/protocol/ibb")