mod_mam: Refuse filtering anon MUC queries by JID

Return an empty result set if a non-moderator attempts to filter by JID
while querying the archive of an anonymous MUC room.

diff --git a/src/mod_mam.erl b/src/mod_mam.erl
index 674cefc05aaf4aed0d37f149d67165926859db6c..a4dc62b012ae964a5a2ecf6346148374f3bde099 100644 (file)
--- a/src/mod_mam.erl
+++ b/src/mod_mam.erl
@@ -863,8 +863,13 @@ select(_LServer, JidRequestor, JidArchive, Query, RSM,
            {Msgs, true, L}
     end;
 select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType) ->
-    Mod = gen_mod:db_mod(LServer, ?MODULE),
-    Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType).
+    case might_expose_jid(JidRequestor, Query, MsgType) of
+       true ->
+           {[], true, 0};
+       false ->
+           Mod = gen_mod:db_mod(LServer, ?MODULE),
+           Mod:select(LServer, JidRequestor, JidArchive, Query, RSM, MsgType)
+    end.
 
 msg_to_el(#archive_msg{timestamp = TS, packet = El, nick = Nick,
                       peer = Peer, id = ID},
@@ -988,6 +993,24 @@ match_rsm(Now, #rsm_set{before = ID}) when is_binary(ID), ID /= <<"">> ->
 match_rsm(_Now, _) ->
     true.
 
+might_expose_jid(JidRequestor, Query, {groupchat, Role,
+                        #state{config = #config{anonymous = true}}})
+  when Role /= moderator ->
+    case proplists:get_value(with, Query) of
+       undefined ->
+           false;
+       With ->
+           case {jid:remove_resource(jid:tolower(With)),
+                 jid:remove_resource(jid:tolower(JidRequestor))} of
+               {J, J} ->
+                   false;
+               _ ->
+                   true
+           end
+    end;
+might_expose_jid(_JidRequestor, _Query, _MsgType) ->
+    false.
+
 get_jids(undefined) ->
     [];
 get_jids(Js) ->