From 8754f0e2a5ea49204a0b7e3c459e2a16e0124964 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Wed, 24 Jan 2024 16:44:37 -0500
Subject: [PATCH] additional character check on room alias

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/api/client_server/room.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/api/client_server/room.rs b/src/api/client_server/room.rs
index 8c41c82b..8a36a252 100644
--- a/src/api/client_server/room.rs
+++ b/src/api/client_server/room.rs
@@ -109,6 +109,8 @@ pub async fn create_room_route(
         body.room_alias_name
             .as_ref()
             .map_or(Ok(None), |localpart| {
+
+                // Basic checks on the room alias validity
                 if localpart.contains(':') {
                     return Err(Error::BadRequest(
                         ErrorKind::InvalidParam,
@@ -129,7 +131,13 @@ pub async fn create_room_route(
                         ErrorKind::InvalidParam,
                         "Room alias is excessively long, clients may not be able to handle this. Please shorten it.",
                     ));
+                } else if localpart.contains('"') {
+                    return Err(Error::BadRequest(
+                        ErrorKind::InvalidParam,
+                        "Room alias contained `\"` which is not allowed.",
+                    ));
                 }
+
                 let alias = RoomAliasId::parse(format!(
                     "#{}:{}",
                     localpart,