Check app-provided contact.user_id.
This commit is contained in:
parent
c0c5aefabf
commit
306aec8d6a
@ -8,6 +8,8 @@
|
||||
|
||||
#include "td/telegram/misc.h"
|
||||
#include "td/telegram/secret_api.h"
|
||||
#include "td/telegram/Td.h"
|
||||
#include "td/telegram/UserManager.h"
|
||||
|
||||
#include "td/utils/common.h"
|
||||
|
||||
@ -46,8 +48,9 @@ const string &Contact::get_last_name() const {
|
||||
return last_name_;
|
||||
}
|
||||
|
||||
tl_object_ptr<td_api::contact> Contact::get_contact_object() const {
|
||||
return make_tl_object<td_api::contact>(phone_number_, first_name_, last_name_, vcard_, user_id_.get());
|
||||
tl_object_ptr<td_api::contact> Contact::get_contact_object(Td *td) const {
|
||||
return make_tl_object<td_api::contact>(phone_number_, first_name_, last_name_, vcard_,
|
||||
td->user_manager_->get_user_id_object(user_id_, "contact"));
|
||||
}
|
||||
|
||||
tl_object_ptr<telegram_api::inputMediaContact> Contact::get_input_media_contact() const {
|
||||
@ -88,7 +91,7 @@ StringBuilder &operator<<(StringBuilder &string_builder, const Contact &contact)
|
||||
<< ", vCard size = " << contact.vcard_.size() << contact.user_id_ << "]";
|
||||
}
|
||||
|
||||
Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) {
|
||||
Result<Contact> get_contact(Td *td, td_api::object_ptr<td_api::contact> &&contact) {
|
||||
if (contact == nullptr) {
|
||||
return Status::Error(400, "Contact must be non-empty");
|
||||
}
|
||||
@ -105,15 +108,20 @@ Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) {
|
||||
if (!clean_input_string(contact->vcard_)) {
|
||||
return Status::Error(400, "vCard must be encoded in UTF-8");
|
||||
}
|
||||
UserId user_id(contact->user_id_);
|
||||
if (user_id != UserId() && !td->user_manager_->have_user_force(user_id, "get_contact")) {
|
||||
return Status::Error(400, "User not found");
|
||||
}
|
||||
|
||||
return Contact(std::move(contact->phone_number_), std::move(contact->first_name_), std::move(contact->last_name_),
|
||||
std::move(contact->vcard_), UserId(contact->user_id_));
|
||||
std::move(contact->vcard_), user_id);
|
||||
}
|
||||
|
||||
Result<Contact> process_input_message_contact(tl_object_ptr<td_api::InputMessageContent> &&input_message_content) {
|
||||
Result<Contact> process_input_message_contact(Td *td,
|
||||
td_api::object_ptr<td_api::InputMessageContent> &&input_message_content) {
|
||||
CHECK(input_message_content != nullptr);
|
||||
CHECK(input_message_content->get_id() == td_api::inputMessageContact::ID);
|
||||
return get_contact(std::move(static_cast<td_api::inputMessageContact *>(input_message_content.get())->contact_));
|
||||
return get_contact(td, std::move(static_cast<td_api::inputMessageContact *>(input_message_content.get())->contact_));
|
||||
}
|
||||
|
||||
} // namespace td
|
||||
|
@ -22,6 +22,8 @@
|
||||
|
||||
namespace td {
|
||||
|
||||
class Td;
|
||||
|
||||
class Contact {
|
||||
string phone_number_;
|
||||
string first_name_;
|
||||
@ -52,7 +54,7 @@ class Contact {
|
||||
|
||||
const string &get_last_name() const;
|
||||
|
||||
tl_object_ptr<td_api::contact> get_contact_object() const;
|
||||
tl_object_ptr<td_api::contact> get_contact_object(Td *td) const;
|
||||
|
||||
tl_object_ptr<telegram_api::inputMediaContact> get_input_media_contact() const;
|
||||
|
||||
@ -141,9 +143,9 @@ struct ContactHash {
|
||||
}
|
||||
};
|
||||
|
||||
Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) TD_WARN_UNUSED_RESULT;
|
||||
Result<Contact> get_contact(Td *td, td_api::object_ptr<td_api::contact> &&contact) TD_WARN_UNUSED_RESULT;
|
||||
|
||||
Result<Contact> process_input_message_contact(tl_object_ptr<td_api::InputMessageContent> &&input_message_content)
|
||||
TD_WARN_UNUSED_RESULT;
|
||||
Result<Contact> process_input_message_contact(
|
||||
Td *td, td_api::object_ptr<td_api::InputMessageContent> &&input_message_content) TD_WARN_UNUSED_RESULT;
|
||||
|
||||
} // namespace td
|
||||
|
@ -423,7 +423,7 @@ Result<tl_object_ptr<telegram_api::InputBotInlineMessage>> InlineQueriesManager:
|
||||
std::move(entities), std::move(input_reply_markup));
|
||||
}
|
||||
if (constructor_id == td_api::inputMessageContact::ID) {
|
||||
TRY_RESULT(contact, process_input_message_contact(std::move(input_message_content)));
|
||||
TRY_RESULT(contact, process_input_message_contact(td_, std::move(input_message_content)));
|
||||
return contact.get_input_bot_inline_message_media_contact(std::move(input_reply_markup));
|
||||
}
|
||||
if (constructor_id == td_api::inputMessageInvoice::ID) {
|
||||
@ -1797,10 +1797,10 @@ void InlineQueriesManager::on_get_inline_query_results(DialogId dialog_id, UserI
|
||||
static_cast<const telegram_api::botInlineMessageMediaContact *>(result->send_message_.get());
|
||||
Contact c(inline_message_contact->phone_number_, inline_message_contact->first_name_,
|
||||
inline_message_contact->last_name_, inline_message_contact->vcard_, UserId());
|
||||
contact->contact_ = c.get_contact_object();
|
||||
contact->contact_ = c.get_contact_object(td_);
|
||||
} else {
|
||||
Contact c(std::move(result->description_), std::move(result->title_), string(), string(), UserId());
|
||||
contact->contact_ = c.get_contact_object();
|
||||
contact->contact_ = c.get_contact_object(td_);
|
||||
}
|
||||
contact->thumbnail_ = register_thumbnail(std::move(result->thumb_));
|
||||
|
||||
|
@ -2772,7 +2772,7 @@ static Result<InputMessageContent> create_input_message_content(
|
||||
break;
|
||||
}
|
||||
case td_api::inputMessageContact::ID: {
|
||||
TRY_RESULT(contact, process_input_message_contact(std::move(input_message_content)));
|
||||
TRY_RESULT(contact, process_input_message_contact(td, std::move(input_message_content)));
|
||||
content = make_unique<MessageContact>(std::move(contact));
|
||||
break;
|
||||
}
|
||||
@ -6929,7 +6929,7 @@ tl_object_ptr<td_api::MessageContent> get_message_content_object(const MessageCo
|
||||
}
|
||||
case MessageContentType::Contact: {
|
||||
const auto *m = static_cast<const MessageContact *>(content);
|
||||
return make_tl_object<td_api::messageContact>(m->contact.get_contact_object());
|
||||
return make_tl_object<td_api::messageContact>(m->contact.get_contact_object(td));
|
||||
}
|
||||
case MessageContentType::Document: {
|
||||
const auto *m = static_cast<const MessageDocument *>(content);
|
||||
|
@ -7594,7 +7594,7 @@ void Td::on_request(uint64 id, const td_api::getBlockedMessageSenders &request)
|
||||
|
||||
void Td::on_request(uint64 id, td_api::addContact &request) {
|
||||
CHECK_IS_USER();
|
||||
auto r_contact = get_contact(std::move(request.contact_));
|
||||
auto r_contact = get_contact(this, std::move(request.contact_));
|
||||
if (r_contact.is_error()) {
|
||||
return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
|
||||
}
|
||||
@ -7607,7 +7607,7 @@ void Td::on_request(uint64 id, td_api::importContacts &request) {
|
||||
vector<Contact> contacts;
|
||||
contacts.reserve(request.contacts_.size());
|
||||
for (auto &contact : request.contacts_) {
|
||||
auto r_contact = get_contact(std::move(contact));
|
||||
auto r_contact = get_contact(this, std::move(contact));
|
||||
if (r_contact.is_error()) {
|
||||
return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
|
||||
}
|
||||
@ -7642,7 +7642,7 @@ void Td::on_request(uint64 id, td_api::changeImportedContacts &request) {
|
||||
vector<Contact> contacts;
|
||||
contacts.reserve(request.contacts_.size());
|
||||
for (auto &contact : request.contacts_) {
|
||||
auto r_contact = get_contact(std::move(contact));
|
||||
auto r_contact = get_contact(this, std::move(contact));
|
||||
if (r_contact.is_error()) {
|
||||
return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user