federation/eventauth: disable underscore support in string power levels

federation/eventauth/eventauth.go

@@ -799,7 +799,7 @@ func parsePythonInt(val gjson.Result) *int {
 		return ptr.Ptr(int(val.Int()))
 	case gjson.String:
 		// strconv.Atoi accepts signs as well as leading zeroes, so we just need to trim spaces beforehand
-		num, err := strconv.Atoi(removeUnderscores(strings.TrimSpace(val.Str)))
+		num, err := strconv.Atoi(strings.TrimSpace(val.Str))
 		if err != nil {
 			return nil
 		}
@@ -810,15 +810,6 @@ func parsePythonInt(val gjson.Result) *int {
 	}
 }
 
-func removeUnderscores(num string) string {
-	numWithoutSign := strings.TrimPrefix(strings.TrimPrefix(num, "+"), "-")
-	if strings.HasPrefix(numWithoutSign, "_") || strings.HasSuffix(numWithoutSign, "_") {
-		// Leading or trailing underscores are not valid, let strconv.Atoi fail
-		return num
-	}
-	return strings.ReplaceAll(num, "_", "")
-}
-
 func safeParsePowerLevels(content jsontext.Value, into *event.PowerLevelsEventContent) {
 	*into = event.PowerLevelsEventContent{
 		Users:           make(map[id.UserID]int),

federation/eventauth/eventauth_internal_test.go

@@ -41,13 +41,14 @@ var pythonIntTests = []pythonIntTest{
 	{"StringWithMinusSign", `"-123"`, -123},
 	{"StringWithSpaces", `"  123  "`, 123},
 	{"StringWithSpacesAndSign", `"  -123  "`, -123},
-	{"StringWithUnderscores", `"123_456"`, 123456},
-	{"StringWithUnderscores", `"123_456"`, 123456},
+	//{"StringWithUnderscores", `"123_456"`, 123456},
+	//{"StringWithUnderscores", `"123_456"`, 123456},
 	{"InvalidStringWithTrailingUnderscore", `"123_456_"`, 0},
+	{"InvalidStringWithMultipleUnderscores", `"123__456"`, 0},
 	{"InvalidStringWithLeadingUnderscore", `"_123_456"`, 0},
 	{"InvalidStringWithUnderscoreAfterSign", `"+_123_456"`, 0},
 	{"InvalidStringWithUnderscoreAfterSpace", `"  _123_456"`, 0},
-	{"StringWithUnderscoresAndSpaces", `"  +1_2_3_4_5_6  "`, 123456},
+	//{"StringWithUnderscoresAndSpaces", `"  +1_2_3_4_5_6  "`, 123456},
 }
 
 func TestParsePythonInt(t *testing.T) {