2 -- Copyright (C) 2008-2010 Matthew Wild
3 -- Copyright (C) 2008-2010 Waqas Hussain
5 -- This project is MIT/X11 licensed. Please see the
6 -- COPYING file in the source package for more information.
10 local lxp = require "lxp";
11 local st = require "util.stanza";
12 local stanza_mt = st.stanza_mt;
14 local tostring = tostring;
15 local t_insert = table.insert;
16 local t_concat = table.concat;
17 local t_remove = table.remove;
18 local setmetatable = setmetatable;
20 local default_log = require "util.logger".init("xmppstream");
22 -- COMPAT: w/LuaExpat 1.1.0
23 local lxp_supports_doctype = pcall(lxp.new, { StartDoctypeDecl = false });
25 if not lxp_supports_doctype then
26 default_log("warn", "The version of LuaExpat on your system leaves Prosody "
27 .."vulnerable to denial-of-service attacks. You should upgrade to "
28 .."LuaExpat 1.1.1 or higher as soon as possible. See "
29 .."http://prosody.im/doc/depends#luaexpat for more information.");
36 local new_parser = lxp.new;
39 ["http://www.w3.org/XML/1998/namespace"] = "xml";
42 local xmlns_streams = "http://etherx.jabber.org/streams";
44 local ns_separator = "\1";
45 local ns_pattern = "^([^"..ns_separator.."]*)"..ns_separator.."?(.*)$";
47 _M.ns_separator = ns_separator;
48 _M.ns_pattern = ns_pattern;
50 function new_sax_handlers(session, stream_callbacks)
51 local xml_handlers = {};
53 local log = session.log or default_log;
55 local cb_streamopened = stream_callbacks.streamopened;
56 local cb_streamclosed = stream_callbacks.streamclosed;
57 local cb_error = stream_callbacks.error or function(session, e) error("XML stream error: "..tostring(e)); end;
58 local cb_handlestanza = stream_callbacks.handlestanza;
60 local stream_ns = stream_callbacks.stream_ns or xmlns_streams;
61 local stream_tag = stream_callbacks.stream_tag or "stream";
62 if stream_ns ~= "" then
63 stream_tag = stream_ns..ns_separator..stream_tag;
65 local stream_error_tag = stream_ns..ns_separator..(stream_callbacks.error_tag or "error");
67 local stream_default_ns = stream_callbacks.default_ns;
70 local chardata, stanza = {};
71 local non_streamns_depth = 0;
72 function xml_handlers:StartElement(tagname, attr)
73 if stanza and #chardata > 0 then
74 -- We have some character data in the buffer
75 t_insert(stanza, t_concat(chardata));
78 local curr_ns,name = tagname:match(ns_pattern);
80 curr_ns, name = "", curr_ns;
83 if curr_ns ~= stream_default_ns or non_streamns_depth > 0 then
85 non_streamns_depth = non_streamns_depth + 1;
92 local ns, nm = k:match(ns_pattern);
96 attr[ns..":"..nm] = attr[k];
102 if not stanza then --if we are not currently inside a stanza
103 if session.notopen then
104 if tagname == stream_tag then
105 non_streamns_depth = 0;
106 if cb_streamopened then
107 cb_streamopened(session, attr);
110 -- Garbage before stream?
111 cb_error(session, "no-stream");
115 if curr_ns == "jabber:client" and name ~= "iq" and name ~= "presence" and name ~= "message" then
116 cb_error(session, "invalid-top-level-element");
119 stanza = setmetatable({ name = name, attr = attr, tags = {} }, stanza_mt);
120 else -- we are inside a stanza, so add a tag
121 t_insert(stack, stanza);
122 local oldstanza = stanza;
123 stanza = setmetatable({ name = name, attr = attr, tags = {} }, stanza_mt);
124 t_insert(oldstanza, stanza);
125 t_insert(oldstanza.tags, stanza);
128 function xml_handlers:CharacterData(data)
130 t_insert(chardata, data);
133 function xml_handlers:EndElement(tagname)
134 if non_streamns_depth > 0 then
135 non_streamns_depth = non_streamns_depth - 1;
138 if #chardata > 0 then
139 -- We have some character data in the buffer
140 t_insert(stanza, t_concat(chardata));
145 if tagname ~= stream_error_tag then
146 cb_handlestanza(session, stanza);
148 cb_error(session, "stream-error", stanza);
152 stanza = t_remove(stack);
155 if tagname == stream_tag then
156 if cb_streamclosed then
157 cb_streamclosed(session);
160 local curr_ns,name = tagname:match(ns_pattern);
162 curr_ns, name = "", curr_ns;
164 cb_error(session, "parse-error", "unexpected-element-close", name);
166 stanza, chardata = nil, {};
171 local function restricted_handler(parser)
172 cb_error(session, "parse-error", "restricted-xml", "Restricted XML, see RFC 6120 section 11.1.");
173 if not parser:stop() then
174 error("Failed to abort parsing");
178 if lxp_supports_doctype then
179 xml_handlers.StartDoctypeDecl = restricted_handler;
181 xml_handlers.Comment = restricted_handler;
182 xml_handlers.ProcessingInstruction = restricted_handler;
184 local function reset()
185 stanza, chardata = nil, {};
189 local function set_session(stream, new_session)
190 session = new_session;
191 log = new_session.log or default_log;
194 return xml_handlers, { reset = reset, set_session = set_session };
197 function new(session, stream_callbacks)
198 local handlers, meta = new_sax_handlers(session, stream_callbacks);
199 local parser = new_parser(handlers, ns_separator);
200 local parse = parser.parse;
204 parser = new_parser(handlers, ns_separator);
205 parse = parser.parse;
208 feed = function (self, data)
209 return parse(parser, data);
211 set_session = meta.set_session;