From 53bc8eb82f112f78316b8f4e9a6c690d630067b6 Mon Sep 17 00:00:00 2001 From: David Baker Date: Tue, 28 Feb 2023 13:50:24 +0000 Subject: [PATCH] Behave sensibly if a full room alias is entered Check explicitly to see if the room name that's enetered into the box looks like a room alias and if so, do the sensible thing. Fixes https://github.com/vector-im/element-call/issues/852 --- src/home/RegisteredView.tsx | 11 +++++++++-- src/home/UnauthenticatedView.tsx | 8 ++++++-- src/matrix-utils.ts | 25 +++++++++++++++++++++++++ 3 files changed, 40 insertions(+), 4 deletions(-) diff --git a/src/home/RegisteredView.tsx b/src/home/RegisteredView.tsx index 4f96c42..b08f22a 100644 --- a/src/home/RegisteredView.tsx +++ b/src/home/RegisteredView.tsx @@ -24,7 +24,11 @@ import { useHistory } from "react-router-dom"; import { MatrixClient } from "matrix-js-sdk/src/client"; import { useTranslation } from "react-i18next"; -import { createRoom, roomAliasLocalpartFromRoomName } from "../matrix-utils"; +import { + createRoom, + roomAliasLocalpartFromRoomName, + sanitiseRoomNameInput, +} from "../matrix-utils"; import { useGroupCallRooms } from "./useGroupCallRooms"; import { Header, HeaderLogo, LeftNav, RightNav } from "../Header"; import commonStyles from "./common.module.css"; @@ -57,7 +61,10 @@ export function RegisteredView({ client, isPasswordlessUser }: Props) { e.preventDefault(); const data = new FormData(e.target as HTMLFormElement); const roomNameData = data.get("callName"); - const roomName = typeof roomNameData === "string" ? roomNameData : ""; + const roomName = + typeof roomNameData === "string" + ? sanitiseRoomNameInput(roomNameData) + : ""; const ptt = callType === CallType.Radio; async function submit() { diff --git a/src/home/UnauthenticatedView.tsx b/src/home/UnauthenticatedView.tsx index 089156c..826468b 100644 --- a/src/home/UnauthenticatedView.tsx +++ b/src/home/UnauthenticatedView.tsx @@ -24,7 +24,11 @@ import { Header, HeaderLogo, LeftNav, RightNav } from "../Header"; import { UserMenuContainer } from "../UserMenuContainer"; import { FieldRow, InputField, ErrorMessage } from "../input/Input"; import { Button } from "../button"; -import { createRoom, roomAliasLocalpartFromRoomName } from "../matrix-utils"; +import { + createRoom, + roomAliasLocalpartFromRoomName, + sanitiseRoomNameInput, +} from "../matrix-utils"; import { useInteractiveRegistration } from "../auth/useInteractiveRegistration"; import { useModalTriggerState } from "../Modal"; import { JoinExistingCallModal } from "./JoinExistingCallModal"; @@ -54,7 +58,7 @@ export const UnauthenticatedView: FC = () => { (e) => { e.preventDefault(); const data = new FormData(e.target as HTMLFormElement); - const roomName = data.get("callName") as string; + const roomName = sanitiseRoomNameInput(data.get("callName") as string); const displayName = data.get("displayName") as string; const ptt = callType === CallType.Radio; diff --git a/src/matrix-utils.ts b/src/matrix-utils.ts index 0a2ecfe..7f70a23 100644 --- a/src/matrix-utils.ts +++ b/src/matrix-utils.ts @@ -211,6 +211,31 @@ export function fullAliasFromRoomName( return `#${roomAliasLocalpartFromRoomName(roomName)}:${client.getDomain()}`; } +/** + * Applies some basic sanitisation to an room name that the user + * has given us + * @param input The room name from the user + * @param client A matrix client object + */ +export function sanitiseRoomNameInput(input: string): string { + // check to see if the user has enetered a fully qualified room + // alias. If so, turn it into just the localpart because that's what + // we use + const parts = input.split(":", 2); + if (parts.length === 2 && parts[0][0] === "#") { + // looks like a room alias + if (parts[1] === Config.defaultServerName()) { + // it's local to our own homeserver + return parts[0]; + } else { + throw new Error("Unsupported remote room alias"); + } + } + + // that's all we do here right now + return input; +} + /** * XXX: What is this trying to do? It looks like it's getting the localpart from * a room alias, but why is it splitting on hyphens and then putting spaces in??