Check app-provided contact.user_id.
levlam committed Apr 28, 2024
1 parent c0c5aef commit 306aec8
Showing 5 changed files with 28 additions and 18 deletions.
20 changes: 14 additions & 6 deletions td/telegram/Contact.cpp
Expand Up @@ -8,6 +8,8 @@

#include "td/telegram/misc.h"
#include "td/telegram/secret_api.h"
#include "td/telegram/Td.h"
#include "td/telegram/UserManager.h"

#include "td/utils/common.h"

Expand Down Expand Up @@ -46,8 +48,9 @@ const string &Contact::get_last_name() const {
return last_name_;
}

tl_object_ptr<td_api::contact> Contact::get_contact_object() const {
return make_tl_object<td_api::contact>(phone_number_, first_name_, last_name_, vcard_, user_id_.get());
tl_object_ptr<td_api::contact> Contact::get_contact_object(Td *td) const {
return make_tl_object<td_api::contact>(phone_number_, first_name_, last_name_, vcard_,
td->user_manager_->get_user_id_object(user_id_, "contact"));
}

tl_object_ptr<telegram_api::inputMediaContact> Contact::get_input_media_contact() const {
Expand Down Expand Up @@ -88,7 +91,7 @@ StringBuilder &operator<<(StringBuilder &string_builder, const Contact &contact)
<< ", vCard size = " << contact.vcard_.size() << contact.user_id_ << "]";
}

Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) {
Result<Contact> get_contact(Td *td, td_api::object_ptr<td_api::contact> &&contact) {
if (contact == nullptr) {
return Status::Error(400, "Contact must be non-empty");
}
Expand All @@ -105,15 +108,20 @@ Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) {
if (!clean_input_string(contact->vcard_)) {
return Status::Error(400, "vCard must be encoded in UTF-8");
}
UserId user_id(contact->user_id_);
if (user_id != UserId() && !td->user_manager_->have_user_force(user_id, "get_contact")) {
return Status::Error(400, "User not found");
}

return Contact(std::move(contact->phone_number_), std::move(contact->first_name_), std::move(contact->last_name_),
std::move(contact->vcard_), UserId(contact->user_id_));
std::move(contact->vcard_), user_id);
}

Result<Contact> process_input_message_contact(tl_object_ptr<td_api::InputMessageContent> &&input_message_content) {
Result<Contact> process_input_message_contact(Td *td,
td_api::object_ptr<td_api::InputMessageContent> &&input_message_content) {
CHECK(input_message_content != nullptr);
CHECK(input_message_content->get_id() == td_api::inputMessageContact::ID);
return get_contact(std::move(static_cast<td_api::inputMessageContact *>(input_message_content.get())->contact_));
return get_contact(td, std::move(static_cast<td_api::inputMessageContact *>(input_message_content.get())->contact_));
}

} // namespace td
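Review bot: In the last hunk, `get_contact` passes every non-default `user_id` straight to `have_user_force`, so a negative or out-of-range value supplied by the app is used as a lookup key instead of being rejected by a range check first. What `have_user_force` does with such an id (for example, whether it consults the local database) is not visible on this page, so a cheap guard before the lookup would keep malformed input away from it: `if (user_id != UserId() && (!user_id.is_valid() || !td->user_manager_->have_user_force(user_id, "get_contact"))) {`. Both `get_contact` and `get_contact_object` also dereference `td` unconditionally; if a null `td` is possible at any call site, `CHECK(td != nullptr);` at the top would match the `CHECK` style already used in `process_input_message_contact`. The middle of `get_contact` lies outside the hunks shown.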
10 changes: 6 additions & 4 deletions td/telegram/Contact.h
Expand Up @@ -22,6 +22,8 @@

namespace td {

class Td;

class Contact {
string phone_number_;
string first_name_;
Expand Down Expand Up @@ -52,7 +54,7 @@ class Contact {

const string &get_last_name() const;

tl_object_ptr<td_api::contact> get_contact_object() const;
tl_object_ptr<td_api::contact> get_contact_object(Td *td) const;

tl_object_ptr<telegram_api::inputMediaContact> get_input_media_contact() const;

Expand Down Expand Up @@ -141,9 +143,9 @@ struct ContactHash {
}
};

Result<Contact> get_contact(td_api::object_ptr<td_api::contact> &&contact) TD_WARN_UNUSED_RESULT;
Result<Contact> get_contact(Td *td, td_api::object_ptr<td_api::contact> &&contact) TD_WARN_UNUSED_RESULT;

Result<Contact> process_input_message_contact(tl_object_ptr<td_api::InputMessageContent> &&input_message_content)
TD_WARN_UNUSED_RESULT;
Result<Contact> process_input_message_contact(
Td *td, td_api::object_ptr<td_api::InputMessageContent> &&input_message_content) TD_WARN_UNUSED_RESULT;

} // namespace td
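Review bot: The new `Td *td` parameter and the new failure mode are undocumented at the declarations, so a caller reading only the header cannot tell that `get_contact` now rejects a contact whose `user_id` is unknown. A comment above `get_contact` would cover it: `// Validates an app-provided contact; a non-empty user_id must refer to a user known to td, otherwise Status::Error(400, "User not found") is returned. td must be non-null.` `process_input_message_contact` forwards to `get_contact` and inherits the same contract, which is worth one line there too.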
6 changes: 3 additions & 3 deletions td/telegram/InlineQueriesManager.cpp
Expand Up @@ -423,7 +423,7 @@ Result<tl_object_ptr<telegram_api::InputBotInlineMessage>> InlineQueriesManager:
std::move(entities), std::move(input_reply_markup));
}
if (constructor_id == td_api::inputMessageContact::ID) {
TRY_RESULT(contact, process_input_message_contact(std::move(input_message_content)));
TRY_RESULT(contact, process_input_message_contact(td_, std::move(input_message_content)));
return contact.get_input_bot_inline_message_media_contact(std::move(input_reply_markup));
}
if (constructor_id == td_api::inputMessageInvoice::ID) {
Expand Down Expand Up @@ -1797,10 +1797,10 @@ void InlineQueriesManager::on_get_inline_query_results(DialogId dialog_id, UserI
static_cast<const telegram_api::botInlineMessageMediaContact *>(result->send_message_.get());
Contact c(inline_message_contact->phone_number_, inline_message_contact->first_name_,
inline_message_contact->last_name_, inline_message_contact->vcard_, UserId());
contact->contact_ = c.get_contact_object();
contact->contact_ = c.get_contact_object(td_);
} else {
Contact c(std::move(result->description_), std::move(result->title_), string(), string(), UserId());
contact->contact_ = c.get_contact_object();
contact->contact_ = c.get_contact_object(td_);
}
contact->thumbnail_ = register_thumbnail(std::move(result->thumb_));

4 changes: 2 additions & 2 deletions td/telegram/MessageContent.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -2772,7 +2772,7 @@ static Result<InputMessageContent> create_input_message_content(
break;
}
case td_api::inputMessageContact::ID: {
TRY_RESULT(contact, process_input_message_contact(std::move(input_message_content)));
TRY_RESULT(contact, process_input_message_contact(td, std::move(input_message_content)));
content = make_unique<MessageContact>(std::move(contact));
break;
}
Expand Down Expand Up @@ -6929,7 +6929,7 @@ tl_object_ptr<td_api::MessageContent> get_message_content_object(const MessageCo
}
case MessageContentType::Contact: {
const auto *m = static_cast<const MessageContact *>(content);
return make_tl_object<td_api::messageContact>(m->contact.get_contact_object());
return make_tl_object<td_api::messageContact>(m->contact.get_contact_object(td));
}
case MessageContentType::Document: {
const auto *m = static_cast<const MessageDocument *>(content);
6 changes: 3 additions & 3 deletions td/telegram/Td.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -7594,7 +7594,7 @@ void Td::on_request(uint64 id, const td_api::getBlockedMessageSenders &request)

void Td::on_request(uint64 id, td_api::addContact &request) {
CHECK_IS_USER();
auto r_contact = get_contact(std::move(request.contact_));
auto r_contact = get_contact(this, std::move(request.contact_));
if (r_contact.is_error()) {
return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
}
Expand All @@ -7607,7 +7607,7 @@ void Td::on_request(uint64 id, td_api::importContacts &request) {
vector<Contact> contacts;
contacts.reserve(request.contacts_.size());
for (auto &contact : request.contacts_) {
auto r_contact = get_contact(std::move(contact));
auto r_contact = get_contact(this, std::move(contact));
if (r_contact.is_error()) {
return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
}
Expand Down Expand Up @@ -7642,7 +7642,7 @@ void Td::on_request(uint64 id, td_api::changeImportedContacts &request) {
vector<Contact> contacts;
contacts.reserve(request.contacts_.size());
for (auto &contact : request.contacts_) {
auto r_contact = get_contact(std::move(contact));
auto r_contact = get_contact(this, std::move(contact));
if (r_contact.is_error()) {
return send_closure(actor_id(this), &Td::send_error, id, r_contact.move_as_error());
}
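Review bot: In `importContacts` and `changeImportedContacts`, a single entry whose `user_id` is not known to the client now aborts the whole request, because the loop returns on the first `get_contact` error and the message (`User not found`) does not say which entry failed. If these import paths do not actually use `user_id` (not visible here), apps that previously sent stale or placeholder ids will see imports fail after this commit. Either state the new requirement in the API description of the two requests, or add a comment at the loop such as `// get_contact() rejects an unknown user_id; one bad entry fails the whole batch`. The request handlers continue outside the hunks.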
