From 4c30996f28bfb6507eb5fb6f730a8769f8d964e3 Mon Sep 17 00:00:00 2001
From: Kitsune Ral <Kitsune-Ral@users.sf.net>
Date: Thu, 10 Jan 2019 16:46:57 +0900
Subject: Security fix: require that state events have state_key

This has been fixed in the past but got undone after the great remaking of the event types system. Further commits will introduce tests to make sure this does not get undone again.
---
 lib/events/stateevent.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/events/stateevent.cpp b/lib/events/stateevent.cpp
index c4151676..e96614d2 100644
--- a/lib/events/stateevent.cpp
+++ b/lib/events/stateevent.cpp
@@ -25,13 +25,15 @@ using namespace QMatrixClient;
 // but the event type is unknown.
 [[gnu::unused]] static auto stateEventTypeInitialised =
     RoomEvent::factory_t::addMethod(
-        [] (const QJsonObject& json, const QString& matrixType)
+        [] (const QJsonObject& json, const QString& matrixType) -> StateEventPtr
         {
+            if (!json.contains("state_key"))
+                return nullptr;
+
             if (auto e = StateEventBase::factory_t::make(json, matrixType))
                 return e;
-            return json.contains("state_key")
-                   ? makeEvent<StateEventBase>(unknownEventTypeId(), json)
-                   : nullptr;
+
+            return makeEvent<StateEventBase>(unknownEventTypeId(), json);
         });
 
 bool StateEventBase::repeatsState() const
-- 
cgit v1.2.3