From e0419d9c5d57b45ccc6dba822c64b3f60fb71398 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Wed, 24 Jan 2024 16:48:10 -0500
Subject: [PATCH] custom room ID checks, dont use format! macro due to quotes
 being added

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/api/client_server/room.rs | 43 +++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/src/api/client_server/room.rs b/src/api/client_server/room.rs
index fbca186e..2526cbd9 100644
--- a/src/api/client_server/room.rs
+++ b/src/api/client_server/room.rs
@@ -28,7 +28,7 @@ use ruma::{
 };
 use serde_json::{json, value::to_raw_value};
 use std::{cmp::max, collections::BTreeMap, sync::Arc};
-use tracing::{error, info, warn};
+use tracing::{debug, error, info, warn};
 
 /// # `POST /_matrix/client/v3/createRoom`
 ///
@@ -70,12 +70,41 @@ pub async fn create_room_route(
     if let Some(CanonicalJsonValue::Object(json_body)) = &body.json_body {
         match json_body.get("room_id") {
             Some(custom_room_id) => {
-                room_id = RoomId::parse(format!(
-                    "!{}:{}",
-                    custom_room_id,
-                    services().globals.server_name()
-                ))
-                .map_err(|e| {
+                let custom_room_id_s = custom_room_id.to_string();
+
+                // do some checks on the custom room ID similar to room aliases
+                if custom_room_id_s.contains(':') {
+                    return Err(Error::BadRequest(
+                        ErrorKind::InvalidParam,
+                        "Custom room ID contained `:` which is not allowed.
+                    Please note that this expects a localpart, not the full room ID.",
+                    ));
+                } else if custom_room_id_s.contains(char::is_whitespace) {
+                    return Err(Error::BadRequest(
+                        ErrorKind::InvalidParam,
+                        "Custom room ID contained spaces which is not valid.",
+                    ));
+                } else if custom_room_id_s.len() > 255 {
+                    return Err(Error::BadRequest(
+                        ErrorKind::InvalidParam,
+                        "Custom room ID is too long.",
+                    ));
+                }
+
+                let full_room_id = "!".to_owned()
+                    + custom_room_id_s.as_str()
+                    + ":"
+                    + services().globals.server_name().as_ref();
+                debug!("Full room ID: {}", full_room_id);
+
+                if full_room_id.contains('"') {
+                    return Err(Error::BadRequest(
+                        ErrorKind::InvalidParam,
+                        "Custom room ID contained `\"` which is not allowed.",
+                    ));
+                }
+
+                room_id = RoomId::parse(full_room_id).map_err(|e| {
                     info!(
                         "User attempted to create room with custom room ID but failed parsing: {}",
                         e