From b501d648e310aac7a05942827226660baa7784bb Mon Sep 17 00:00:00 2001
From: Pavel Djundik
Date: Wed, 21 Feb 2018 13:17:56 +0200
Subject: [PATCH] Ignore events on the server if incorrect data is supplied
---
 src/server.js | 59 +++++++++++++++++++++++++++--------------------------------
 1 file changed, 27 insertions(+), 32 deletions(-)
diff --git a/src/server.js b/src/server.js
index 22163cab..8412e478 100644
--- a/src/server.js
+++ b/src/server.js
@@ -273,39 +273,35 @@ function initializeClient(socket, client, token, lastMessage) {
 client.clientDetach(socket.id);
 });
- socket.on(
- "input",
- function(data) {
+ socket.on("input", (data) => {
+ if (typeof data === "object") {
 client.input(data);
 }
- );
+ });
- socket.on(
- "more",
- function(data) {
+ socket.on("more", (data) => {
+ if (typeof data === "object") {
 const history = client.more(data);
 if (history !== null) {
 socket.emit("more", history);
 }
 }
- );
+ });
- socket.on(
- "conn",
- function(data) {
+ socket.on("conn", (data) => {
+ if (typeof data === "object") {
 // prevent people from overriding webirc settings
 data.ip = null;
 data.hostname = null;
 client.connect(data);
 }
- );
+ });
 if (!Helper.config.public && !Helper.config.ldap.enable) {
- socket.on(
- "change-password",
- function(data) {
+ socket.on("change-password", (data) => {
+ if (typeof data === "object") {
 const old = data.old_password;
 const p1 = data.new_password;
 const p2 = data.verify_password;
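Review bot: `typeof data === "object"` is also true for `null`, so the new guards in the `conn` and `change-password` handlers still let a `null` payload reach `data.ip = null` and `data.old_password`, where the property access throws a TypeError inside the socket handler. The `msg:preview:toggle` guard in the next hunk has the same gap before `client.find(data.target)`. Tightening each check to `if (typeof data === "object" && data !== null) {`, and the toggle handler to `if (typeof data !== "object" || data === null) { return; }`, closes it. Arrays pass the check as well; whether `client.input`, `client.more`, `client.sort` and `client.names` tolerate one cannot be seen from this patch. `initializeClient` starts and ends outside this hunk, so any outer error handling around these handlers is not visible either.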
@@ -351,37 +347,36 @@ function initializeClient(socket, client, token, lastMessage) {
 log.error(`Error while checking users password. Error: ${error}`);
 });
 }
- );
+ });
 }
- socket.on(
- "open",
- function(data) {
- client.open(socket.id, data);
- }
- );
+ socket.on("open", (data) => {
+ client.open(socket.id, data);
+ });
- socket.on(
- "sort",
- function(data) {
+ socket.on("sort", (data) => {
+ if (typeof data === "object") {
 client.sort(data);
 }
- );
+ });
- socket.on(
- "names",
- function(data) {
+ socket.on("names", (data) => {
+ if (typeof data === "object") {
 client.names(data);
 }
- );
+ });
- socket.on("changelog", function() {
+ socket.on("changelog", () => {
 changelog.fetch((data) => {
 socket.emit("changelog", data);
 });
 });
- socket.on("msg:preview:toggle", function(data) {
+ socket.on("msg:preview:toggle", (data) => {
+ if (typeof data !== "object") {
+ return;
+ }
+
 const networkAndChan = client.find(data.target);
 if (!networkAndChan) {
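Review bot: The `open` handler is the only payload-carrying handler in this hunk that still forwards client data unchecked, `client.open(socket.id, data)`, so it gets none of the input filtering the commit title describes. If that is deliberate because `open` carries a non-object value, a comment such as `// payload is not an object here, so no typeof guard; client.open must validate it` would record the decision, assuming `client.open` does validate, which is not visible in this patch. Otherwise add a type guard for whatever shape `client.open` expects before the call. The `typeof` test is now repeated in seven handlers across the two hunks; moving it into one small helper would let the rule be tightened in a single place.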