This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Always allow the empty string as an avatar_url. #12261
Always allow the empty string as an avatar_url. #12261
Changes from 4 commits
d6830b6
94e8a5f
ba5fd0f
b0c5365
e130f44
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that you might be able to get a non-string value into here via
RoomMemberHandler.update_membership_locked
-- does that seem correct or am I missing something?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The avatar_url must have a
len
:synapse/synapse/handlers/room_member.py
Line 618 in 8533c8b
And given that it comes from JSON, that means that
avatar_url
is either a dict, list or string. So yes, I agree that we could pass non-strings into this function.But this isn't the first unverified body parameter. Frankly I'd just toss this one in the #8445 bucket.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Previoulsy a JSON
null
(orfalse
) also would work fine, since it would reduce to the empty string, I think the code incheck_avatar_size_and_mime_type
will choke on it though.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ahh sorry, you're quite right (I didn't spot the
or ""
). So that's every JSON value other than integers andtrue
then!There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the proper solution might be to do
avatar_url = content.get("avatar_url") or ""
and then use the value directly?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I sympathise, but I'm mainly interested in fixing #12257 here. The worst that happens today when going via the RoomMember path is an internal server error when a client gives us a garbage
avatar_url
. I'd rather see a systematic approach to validation rather than an ad-hoc point fix.A little more context: when trying to deactivate+erase a user, we set their avatar_url to
""
here:synapse/synapse/handlers/deactivate_account.py
Lines 149 to 151 in 15382b1
And that ends up failing if avatar restrictions are turned on.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this should handle blank strings properly, but it seems silly to not also handle the other data while we're here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not following you here---what other data you have in mind? Would you prefer
check_avatar_size_and_mime_type
to takemxc: Optional[str]
instead ofmxc: str
? Or maybemxc: Any
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm suggesting to add additional handling to raise errors if the value is not a string and not None, similar to what we do at
synapse/synapse/handlers/profile.py
Lines 296 to 304 in 300ed0b
Although that case seems to be rejecting strings... /me sighs. I'm not sure what the behavior of this code is supposed to be (should it accept nulls or not). Maybe we should just accept this as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nor I; if it were up to me we'd reject nulls here.