Validate room/event ID are valid

Author: Fizzadar

synapse/rest/client/receipts.py

@@ -20,7 +20,7 @@
 from synapse.http.server import HttpServer
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.http.site import SynapseRequest
-from synapse.types import JsonDict
+from synapse.types import EventID, JsonDict, RoomID
 
 from ._base import client_patterns
 
@@ -56,8 +56,8 @@ async def on_POST(
     ) -> Tuple[int, JsonDict]:
         requester = await self.auth.get_user_by_req(request)
 
-        if not room_id or not event_id:
-            raise SynapseError(400, "A room ID and event ID must be specified")
+        if not RoomID.is_valid(room_id) or not event_id.startswith(EventID.SIGIL):
+            raise SynapseError(400, "A valid room ID and event ID must be specified")
 
         if receipt_type not in self._known_receipt_types:
             raise SynapseError(