Merge pull request #5802 from matrix-org/erikj/deny_redacting_differe…

…nt_room Deny redaction of events in a different room.
matrix-org · Aug 1, 2019 · 58af30a · 58af30a
2 parents 0f632f3 + 0eefb76
commit 58af30a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/changelog.d/5802.misc b/changelog.d/5802.misc
@@ -0,0 +1 @@
+Deny redactions of events sent in a different room. 
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
@@ -795,14 +795,16 @@ def is_inviter_member_event(e):
                 get_prev_content=False,
                 allow_rejected=False,
                 allow_none=True,
-                check_room_id=event.room_id,
             )
 
             # we can make some additional checks now if we have the original event.
             if original_event:
                 if original_event.type == EventTypes.Create:
                     raise AuthError(403, "Redacting create events is not permitted")
 
+                if original_event.room_id != event.room_id:
+                    raise SynapseError(400, "Cannot redact event from a different room")
+
             prev_state_ids = yield context.get_prev_state_ids(self.store)
             auth_events_ids = yield self.auth.compute_auth_events(
                 event, prev_state_ids, for_verification=True