allow roster pushes only from bare jid or null

This commit is contained in:
Daniel Gultsch 2014-05-03 17:07:37 +02:00
parent be2f7e047a
commit 4822d4dce7

View file

@ -377,12 +377,14 @@ public class XmppConnectionService extends Service {
@Override
public void onIqPacketReceived(Account account, IqPacket packet) {
if (packet.hasChild("query")) {
if (packet.hasChild("query","jabber:iq:roster")) {
String from = packet.getFrom();
if ((from==null)||(from.equals(account.getJid()))) {
Element query = packet.findChild("query");
String xmlns = query.getAttribute("xmlns");
if ((xmlns != null) && (xmlns.equals("jabber:iq:roster"))) {
processRosterItems(account, query);
mergePhoneContactsWithRoster(null);
} else {
Log.d(LOGTAG,"unauthorized roster push from: "+from);
}
} else if (packet
.hasChild("open", "http://jabber.org/protocol/ibb")