powered by Jive Software

sendMessage does not check to see if user has permission to post


#1
  1. XMPP client joins a moderated XMPP room.
  2. An admin changes the client’s role to Visitor.
  3. Client posts a message to the room
  4. Nothing will be posted to the room and an error stanza of type forbidden will be received from the server, but the code does not check for it.

There maybe a more elegant way of doing this, but I added a responseFilter to check for this. If this is acceptable, the same change would have to be made to the version of sendMessage that takes a Message as the parameter.

diff.txt (3.0 KB)


#2

My main problem with your proposed change is that it forces sendMessage() to block in the common case until the reply timeout has passed. I doubt that this is a good idea. (There is also a slim chance that the error listener will catch false positives).

I would simply create a listener for message error responses from the MUC. Then the user can decide to setup such a listener.