Apply additional validation to edits.

Author: clokep

synapse/events/utils.py

@@ -473,7 +473,7 @@ async def _injected_bundled_aggregations(
 
         edit = None
         if event.type == EventTypes.Message:
-            edit = await self.store.get_applicable_edit(event_id)
+            edit = await self.store.get_applicable_edit(event_id, room_id)
 
         if edit:
             # If there is an edit replace the content, preserving existing

synapse/storage/databases/main/events.py

@@ -1780,7 +1780,9 @@ def _handle_event_relations(
         )
 
         if rel_type == RelationTypes.REPLACE:
-            txn.call_after(self.store.get_applicable_edit.invalidate, (parent_id,))
+            txn.call_after(
+                self.store.get_applicable_edit.invalidate, (parent_id, event.room_id)
+            )
 
         if rel_type == RelationTypes.THREAD:
             txn.call_after(

synapse/storage/databases/main/relations.py

@@ -296,14 +296,17 @@ def _get_aggregation_groups_for_event_txn(
         )
 
     @cached()
-    async def get_applicable_edit(self, event_id: str) -> Optional[EventBase]:
+    async def get_applicable_edit(
+        self, event_id: str, room_id: str
+    ) -> Optional[EventBase]:
         """Get the most recent edit (if any) that has happened for the given
         event.
 
         Correctly handles checking whether edits were allowed to happen.
 
         Args:
             event_id: The original event ID
+            room_id: The original event's room ID
 
         Returns:
             The most recent edit, if any.
@@ -325,13 +328,14 @@ async def get_applicable_edit(self, event_id: str) -> Optional[EventBase]:
             WHERE
                 relates_to_id = ?
                 AND relation_type = ?
+                AND edit.room_id = ?
                 AND edit.type = 'm.room.message'
             ORDER by edit.origin_server_ts DESC, edit.event_id DESC
             LIMIT 1
         """
 
         def _get_applicable_edit_txn(txn: LoggingTransaction) -> Optional[str]:
-            txn.execute(sql, (event_id, RelationTypes.REPLACE))
+            txn.execute(sql, (event_id, RelationTypes.REPLACE, room_id))
             row = txn.fetchone()
             if row:
                 return row[0]

tests/rest/client/test_relations.py

@@ -665,8 +665,7 @@ def test_ignore_invalid_room(self):
         with patch(
             "synapse.handlers.message.EventCreationHandler._validate_event_relation"
         ):
-            # Generate a reaction, reference, and thread relations from a
-            # different room.
+            # Generate a various relations from a different room.
             self.get_success(
                 inject_event(
                     self.hs,
@@ -717,6 +716,27 @@ def test_ignore_invalid_room(self):
                 )
             )
 
+            self.get_success(
+                inject_event(
+                    self.hs,
+                    room_id=self.room,
+                    type="m.room.message",
+                    sender=self.user_id,
+                    content={
+                        "body": "foo",
+                        "msgtype": "m.text",
+                        "new_content": {
+                            "body": "new content",
+                            "msgtype": "m.text",
+                        },
+                        "m.relates_to": {
+                            "rel_type": RelationTypes.REPLACE,
+                            "event_id": parent_id,
+                        },
+                    },
+                )
+            )
+
         # They should be ignored when fetching relations.
         channel = self.make_request(
             "GET",