Check app-provided contact.user_id.

2024-04-28 21:46:18 +03:00 · 2024-04-28 21:46:18 +03:00 · 306aec8d6a
commit 306aec8d6a
parent c0c5aefabf
5 changed files with 28 additions and 18 deletions
--- a/td/telegram/Contact.cpp
+++ b/td/telegram/Contact.cpp
@ -8,6 +8,8 @@

 #include "td/telegram/misc.h"
 #include "td/telegram/secret_api.h"
+#include "td/telegram/Td.h"
+#include "td/telegram/UserManager.h"

 #include "td/utils/common.h"

@ -46,8 +48,9 @@ const string &Contact::get_last_name() const {
  return last_name_;
 }

-tl_object_ptr<td_api::contact> Contact::get_contact_object() const {
-  return make_tl_object<td_api::contact>(phone_number_, first_name_, last_name_, vcard_, user_id_.get());
+tl_object_ptr<td_api::contact> Contact::get_contact_object(Td *td) const {
+  return make_tl_object<td_api::contact>(phone_number_, first_name_, last_name_, vcard_,
+                                         td->user_manager_->get_user_id_object(user_id_, "contact"));
 }

 tl_object_ptr<telegram_api::inputMediaContact> Contact::get_input_media_contact() const {
@ -88,7 +91,7 @@ StringBuilder &operator<<(StringBuilder &string_builder, const Contact &contact)
                        << ", vCard size = " << contact.vcard_.size() << contact.user_id_ << "]";
 }

-Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) {
+Result<Contact> get_contact(Td *td, td_api::object_ptr<td_api::contact> &&contact) {
  if (contact == nullptr) {
    return Status::Error(400, "Contact must be non-empty");
  }
@ -105,15 +108,20 @@ Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) {
  if (!clean_input_string(contact->vcard_)) {
    return Status::Error(400, "vCard must be encoded in UTF-8");
  }
+  UserId user_id(contact->user_id_);
+  if (user_id != UserId() && !td->user_manager_->have_user_force(user_id, "get_contact")) {
+    return Status::Error(400, "User not found");
+  }

  return Contact(std::move(contact->phone_number_), std::move(contact->first_name_), std::move(contact->last_name_),
-                 std::move(contact->vcard_), UserId(contact->user_id_));
+                 std::move(contact->vcard_), user_id);
 }

-Result<Contact> process_input_message_contact(tl_object_ptr<td_api::InputMessageContent> &&input_message_content) {
+Result<Contact> process_input_message_contact(Td *td,
+                                              td_api::object_ptr<td_api::InputMessageContent> &&input_message_content) {
  CHECK(input_message_content != nullptr);
  CHECK(input_message_content->get_id() == td_api::inputMessageContact::ID);
-  return get_contact(std::move(static_cast<td_api::inputMessageContact *>(input_message_content.get())->contact_));
+  return get_contact(td, std::move(static_cast<td_api::inputMessageContact *>(input_message_content.get())->contact_));
 }

 }  // namespace td
--- a/td/telegram/Contact.h
+++ b/td/telegram/Contact.h
@ -22,6 +22,8 @@

 namespace td {

+class Td;
+
 class Contact {
  string phone_number_;
  string first_name_;
@ -52,7 +54,7 @@ class Contact {

  const string &get_last_name() const;

-  tl_object_ptr<td_api::contact> get_contact_object() const;
+  tl_object_ptr<td_api::contact> get_contact_object(Td *td) const;

  tl_object_ptr<telegram_api::inputMediaContact> get_input_media_contact() const;

@ -141,9 +143,9 @@ struct ContactHash {
  }
 };

-Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) TD_WARN_UNUSED_RESULT;
+Result<Contact> get_contact(Td *td, td_api::object_ptr<td_api::contact> &&contact) TD_WARN_UNUSED_RESULT;

-Result<Contact> process_input_message_contact(tl_object_ptr<td_api::InputMessageContent> &&input_message_content)
-    TD_WARN_UNUSED_RESULT;
+Result<Contact> process_input_message_contact(
+    Td *td, td_api::object_ptr<td_api::InputMessageContent> &&input_message_content) TD_WARN_UNUSED_RESULT;

 }  // namespace td
--- a/td/telegram/InlineQueriesManager.cpp
+++ b/td/telegram/InlineQueriesManager.cpp
@ -423,7 +423,7 @@ Result<tl_object_ptr<telegram_api::InputBotInlineMessage>> InlineQueriesManager:
                                                                   std::move(entities), std::move(input_reply_markup));
  }
  if (constructor_id == td_api::inputMessageContact::ID) {
-    TRY_RESULT(contact, process_input_message_contact(std::move(input_message_content)));
+    TRY_RESULT(contact, process_input_message_contact(td_, std::move(input_message_content)));
    return contact.get_input_bot_inline_message_media_contact(std::move(input_reply_markup));
  }
  if (constructor_id == td_api::inputMessageInvoice::ID) {
@ -1797,10 +1797,10 @@ void InlineQueriesManager::on_get_inline_query_results(DialogId dialog_id, UserI
                static_cast<const telegram_api::botInlineMessageMediaContact *>(result->send_message_.get());
            Contact c(inline_message_contact->phone_number_, inline_message_contact->first_name_,
                      inline_message_contact->last_name_, inline_message_contact->vcard_, UserId());
-            contact->contact_ = c.get_contact_object();
+            contact->contact_ = c.get_contact_object(td_);
          } else {
            Contact c(std::move(result->description_), std::move(result->title_), string(), string(), UserId());
-            contact->contact_ = c.get_contact_object();
+            contact->contact_ = c.get_contact_object(td_);
          }
          contact->thumbnail_ = register_thumbnail(std::move(result->thumb_));

--- a/td/telegram/MessageContent.cpp
+++ b/td/telegram/MessageContent.cpp
@ -2772,7 +2772,7 @@ static Result<InputMessageContent> create_input_message_content(
      break;
    }
    case td_api::inputMessageContact::ID: {
-      TRY_RESULT(contact, process_input_message_contact(std::move(input_message_content)));
+      TRY_RESULT(contact, process_input_message_contact(td, std::move(input_message_content)));
      content = make_unique<MessageContact>(std::move(contact));
      break;
    }
@ -6929,7 +6929,7 @@ tl_object_ptr<td_api::MessageContent> get_message_content_object(const MessageCo
    }
    case MessageContentType::Contact: {
      const auto *m = static_cast<const MessageContact *>(content);
-      return make_tl_object<td_api::messageContact>(m->contact.get_contact_object());
+      return make_tl_object<td_api::messageContact>(m->contact.get_contact_object(td));
    }
    case MessageContentType::Document: {
      const auto *m = static_cast<const MessageDocument *>(content);
--- a/td/telegram/Td.cpp
+++ b/td/telegram/Td.cpp
@ -7594,7 +7594,7 @@ void Td::on_request(uint64 id, const td_api::getBlockedMessageSenders &request)

 void Td::on_request(uint64 id, td_api::addContact &request) {
  CHECK_IS_USER();
-  auto r_contact = get_contact(std::move(request.contact_));
+  auto r_contact = get_contact(this, std::move(request.contact_));
  if (r_contact.is_error()) {
    return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
  }
@ -7607,7 +7607,7 @@ void Td::on_request(uint64 id, td_api::importContacts &request) {
  vector<Contact> contacts;
  contacts.reserve(request.contacts_.size());
  for (auto &contact : request.contacts_) {
-    auto r_contact = get_contact(std::move(contact));
+    auto r_contact = get_contact(this, std::move(contact));
    if (r_contact.is_error()) {
      return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
    }
@ -7642,7 +7642,7 @@ void Td::on_request(uint64 id, td_api::changeImportedContacts &request) {
  vector<Contact> contacts;
  contacts.reserve(request.contacts_.size());
  for (auto &contact : request.contacts_) {
-    auto r_contact = get_contact(std::move(contact));
+    auto r_contact = get_contact(this, std::move(contact));
    if (r_contact.is_error()) {
      return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
    }