Closed cdroege closed 7 years ago
Well according to xep-0106 escaping should be different. I believe we have another task for this. But server's behavior does not seem to be correct too.
Thanks for the report.
@Ri0n why the server's behaviour is incorrect?
@zinid well according to server logs difference, Psi sends these weird incorrectly escaped quotes and server silently removes them. I think the server should either drop connection or return some error, or at least keep quotes.
See the logs from 16.12, the server send 'bad-request' error with graceful explanation. Befor 16.12 - yes, the behaviour was incorrect.
Ah yes. I see now. I don't know how I haven't noticed this for the first time. So we have two bugs in Psi. incorrect escaping and incorrect errors handling.
Please consider fixing this ASAP, as this is a critical bug: on some servers users get unregistered massively.
I can release a new version but it will take time for users to update anyway.
I obviously understand users will not update their clients instantly. However, this is not an excuse not to fixing the bug :)
fixed in b9a5f341519c4151cae5534e9125c75abcc091e2
After an upgrade to ejabberd 16.12 Psi and Psi+ can delete the current account on the server under certain circumstances:
I found 2 things, that are different in ejabberd 16.12 compared to 16.09:
ask
element (this is not in the attached logs). Although it is recommended in the RFC, it does not have to contain this element.My guess is: The escaping of the JID in Psi does not work correctly (see first iq stanza in both logs), if the server does not send the
ask
element with the roster items. Then Psi will send a unregister request without anyto
element, so the server will receive the unregister request and the server will delete the account.XML log of ejabberd 16.12
XML log of ejabberd 16.09