refactor: Add params when forwarding message instead of removing unneeded ones

We periodically forget to remove new params from forwarded messages as this can't be catched by existing tests, some examples: bfc08abe88 a1837aeb8c 56b2361f01 This may leak confidential data. Instead, it's better to explicitly list params that we want to forward, then if we forget to forward some param, a test on forwarding messages carrying the new functionality will break, or the bug will be reported earlier, it's easier to notice that some info is missing than some extra info is leaked.
2026-04-02 05:22:14 +03:00 · 2025-12-07 13:21:47 -03:00
parent 5902fe2cbe
commit 3f27be9bcb
2 changed files with 21 additions and 11 deletions
--- a/src/chat.rs
+++ b/src/chat.rs
@@ -4234,6 +4234,9 @@ pub async fn forward_msgs(context: &Context, msg_ids: &[MsgId], chat_id: ChatId)
            bail!("cannot forward drafts.");
        }

+        let mut param = msg.param;
+        msg.param = Params::new();
+
        if msg.get_viewtype() != Viewtype::Sticker {
            msg.param
                .set_int(Param::Forwarded, src_msg_id.to_u32() as i32);
@@ -4243,17 +4246,16 @@ pub async fn forward_msgs(context: &Context, msg_ids: &[MsgId], chat_id: ChatId)
            msg.viewtype = Viewtype::Text;
        }

-        msg.param.remove(Param::GuaranteeE2ee);
-        msg.param.remove(Param::ForcePlaintext);
-        msg.param.remove(Param::Cmd);
-        msg.param.remove(Param::OverrideSenderDisplayname);
-        msg.param.remove(Param::WebxdcDocument);
-        msg.param.remove(Param::WebxdcDocumentTimestamp);
-        msg.param.remove(Param::WebxdcSummary);
-        msg.param.remove(Param::WebxdcSummaryTimestamp);
-        msg.param.remove(Param::IsEdited);
-        msg.param.remove(Param::WebrtcRoom);
-        msg.param.remove(Param::WebrtcAccepted);
+        let param = &mut param;
+        msg.param.steal(param, Param::File);
+        msg.param.steal(param, Param::Filename);
+        msg.param.steal(param, Param::Width);
+        msg.param.steal(param, Param::Height);
+        msg.param.steal(param, Param::Duration);
+        msg.param.steal(param, Param::MimeType);
+        msg.param.steal(param, Param::ProtectQuote);
+        msg.param.steal(param, Param::Quote);
+        msg.param.steal(param, Param::Summary1);
        msg.in_reply_to = None;

        // do not leak data as group names; a default subject is generated by mimefactory
--- a/src/param.rs
+++ b/src/param.rs
@@ -433,6 +433,14 @@ impl Params {
        self.set(key, format!("{value}"));
        self
    }
+
+    pub fn steal(&mut self, src: &mut Self, key: Param) -> &mut Self {
+        let val = src.inner.remove(&key);
+        if let Some(val) = val {
+            self.inner.insert(key, val);
+        }
+        self
+    }
 }

 #[cfg(test)]