Validate fields of push node enabling forms

Previously missing keys or values would be reported as 'undefined', which could result in a crash (Mnesia) or would be silently converted to binaries (RDBMS).
esl · Jan 3, 2023 · df0471f · df0471f
1 parent 00f6300
commit df0471f
Showing 1 changed file with 24 additions and 10 deletions.
diff --git a/src/event_pusher/mod_event_pusher_push.erl b/src/event_pusher/mod_event_pusher_push.erl
@@ -231,25 +231,39 @@ parse_request(_) ->
 parse_form(undefined) ->
     [];
 parse_form(Form) ->
+    case is_valid_form(Form) of
+        true ->
+            parse_form_fields(Form);
+        false ->
+            invalid_form
+    end.
+
+-spec is_valid_form(exml:element()) -> boolean().
+is_valid_form(Form) ->
     IsForm = ?NS_XDATA == exml_query:attr(Form, <<"xmlns">>),
     IsSubmit = <<"submit">> == exml_query:attr(Form, <<"type">>, <<"submit">>),
+    IsForm andalso IsSubmit.
 
+-spec parse_form_fields(exml:element()) -> invalid_form | form().
+parse_form_fields(Form) ->
     FieldsXML = exml_query:subelements(Form, <<"field">>),
     Fields = [{exml_query:attr(Field, <<"var">>),
                exml_query:path(Field, [{element, <<"value">>}, cdata])} || Field <- FieldsXML],
-    {[{_, FormType}], CustomFields} = lists:partition(
-                                        fun({Name, _}) ->
-                                                Name == <<"FORM_TYPE">>
-                                        end, Fields),
-    IsFormTypeCorrect = ?NS_PUBSUB_PUB_OPTIONS == FormType,
-
-    case IsForm andalso IsSubmit andalso IsFormTypeCorrect of
-        true ->
-            CustomFields;
-        false ->
+    case lists:keytake(<<"FORM_TYPE">>, 1, Fields) of
+        {value, {_, ?NS_PUBSUB_PUB_OPTIONS}, CustomFields} ->
+            case are_form_fields_valid(CustomFields) of
+                true ->
+                    {ok, CustomFields};
+                false ->
+                    invalid_form
+            end;
+        _ ->
             invalid_form
     end.
 
+are_form_fields_valid(Fields) ->
+    lists:all(fun({Key, Value}) -> is_binary(Key) andalso is_binary(Value) end, Fields).
+
 -spec enable_node(mongooseim:host_type(), jid:jid(), jid:jid(), pubsub_node(), form()) ->
     ok | {error, Reason :: term()}.
 enable_node(HostType, From, BarePubSubJID, Node, FormFields) ->