New upstream version 1.20.0

author: Andrej Shadura <andrewsh@debian.org> 2020-09-23 10:00:31 +0200
committer: Andrej Shadura <andrewsh@debian.org> 2020-09-23 10:00:31 +0200
commit: c4b994b356a5af29bdf1f8648dd7d929a237acbd (patch)
tree: 6163eda9a9a5329caea1cf5b4ad42b974cc1ae3b /synapse/handlers/profile.py
parent: a8007890d174f089f2ce28aae9d919df346f74f9 (diff)
1 files changed, 21 insertions, 2 deletions
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py
index 31a2e5ea..0cb8fad8 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -14,6 +14,7 @@
 # limitations under the License.
 
 import logging
+import random
 
 from synapse.api.errors import (
     AuthError,
@@ -160,6 +161,9 @@ class BaseProfileHandler(BaseHandler):
                     Codes.FORBIDDEN,
                 )
 
+        if not isinstance(new_displayname, str):
+            raise SynapseError(400, "Invalid displayname")
+
         if len(new_displayname) > MAX_DISPLAYNAME_LEN:
             raise SynapseError(
                 400, "Displayname is too long (max %i)" % (MAX_DISPLAYNAME_LEN,)
@@ -213,8 +217,14 @@ class BaseProfileHandler(BaseHandler):
     async def set_avatar_url(
         self, target_user, requester, new_avatar_url, by_admin=False
     ):
-        """target_user is the user whose avatar_url is to be changed;
-        auth_user is the user attempting to make this change."""
+        """Set a new avatar URL for a user.
+
+        Args:
+            target_user (UserID): the user whose avatar URL is to be changed.
+            requester (Requester): The user attempting to make this change.
+            new_avatar_url (str): The avatar URL to give this user.
+            by_admin (bool): Whether this change was made by an administrator.
+        """
         if not self.hs.is_mine(target_user):
             raise SynapseError(400, "User is not hosted on this homeserver")
 
@@ -228,6 +238,9 @@ class BaseProfileHandler(BaseHandler):
                     400, "Changing avatar is disabled on this server", Codes.FORBIDDEN
                 )
 
+        if not isinstance(new_avatar_url, str):
+            raise SynapseError(400, "Invalid displayname")
+
         if len(new_avatar_url) > MAX_AVATAR_URL_LEN:
             raise SynapseError(
                 400, "Avatar URL is too long (max %i)" % (MAX_AVATAR_URL_LEN,)
@@ -278,6 +291,12 @@ class BaseProfileHandler(BaseHandler):
 
         await self.ratelimit(requester)
 
+        # Do not actually update the room state for shadow-banned users.
+        if requester.shadow_banned:
+            # We randomly sleep a bit just to annoy the requester.
+            await self.clock.sleep(random.randint(1, 10))
+            return
+
         room_ids = await self.store.get_rooms_for_user(target_user.to_string())
 
         for room_id in room_ids:
author	Andrej Shadura <andrewsh@debian.org>	2020-09-23 10:00:31 +0200
committer	Andrej Shadura <andrewsh@debian.org>	2020-09-23 10:00:31 +0200
commit	c4b994b356a5af29bdf1f8648dd7d929a237acbd (patch)
tree	6163eda9a9a5329caea1cf5b4ad42b974cc1ae3b /synapse/handlers/profile.py
parent	a8007890d174f089f2ce28aae9d919df346f74f9 (diff)