Prevent setting push rules via account data endpoint (#2333)

This commit is contained in:
Neil Alexander 2022-04-08 10:46:23 +01:00 committed by GitHub
parent 63b7c3da46
commit b8c97431b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -95,10 +95,10 @@ func SaveAccountData(
}
}
if dataType == "m.fully_read" {
if dataType == "m.fully_read" || dataType == "m.push_rules" {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("Unable to set read marker"),
JSON: jsonerror.Forbidden(fmt.Sprintf("Unable to modify %q using this API", dataType)),
}
}