supernets/hardlounge
supernets/hardlounge
4
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2088 from thelounge/xpaw/harden-server-events

Browse Source 
Ignore events on the server if incorrect data is supplied
This commit is contained in:
Jérémie Astori 2018-02-21 09:57:19 -05:00 committed by GitHub
commit 863e9b0b48
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 27 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
src/server.js
View File

@ -284,39 +284,35 @@ function initializeClient(socket, client, token, lastMessage) {
client.clientDetach(socket.id); client.clientDetach(socket.id);
}); });
socket.on( socket.on("input", (data) => {
"input", if (typeof data === "object") {
function(data) {
client.input(data); client.input(data);
} }
); });
socket.on( socket.on("more", (data) => {
"more", if (typeof data === "object") {
function(data) {
const history = client.more(data); const history = client.more(data);
if (history !== null) { if (history !== null) {
socket.emit("more", history); socket.emit("more", history);
} }
} }
); });
socket.on( socket.on("conn", (data) => {
"conn", if (typeof data === "object") {
function(data) {
// prevent people from overriding webirc settings // prevent people from overriding webirc settings
data.ip = null; data.ip = null;
data.hostname = null; data.hostname = null;
client.connect(data); client.connect(data);
} }
); });
if (!Helper.config.public && !Helper.config.ldap.enable) { if (!Helper.config.public && !Helper.config.ldap.enable) {
socket.on( socket.on("change-password", (data) => {
"change-password", if (typeof data === "object") {
function(data) {
const old = data.old_password; const old = data.old_password;
const p1 = data.new_password; const p1 = data.new_password;
const p2 = data.verify_password; const p2 = data.verify_password;
@ -362,37 +358,36 @@ function initializeClient(socket, client, token, lastMessage) {
log.error(`Error while checking users password. Error: ${error}`); log.error(`Error while checking users password. Error: ${error}`);
}); });
} }
); });
} }
socket.on( socket.on("open", (data) => {
"open",
function(data) {
client.open(socket.id, data); client.open(socket.id, data);
} });
);
socket.on( socket.on("sort", (data) => {
"sort", if (typeof data === "object") {
function(data) {
client.sort(data); client.sort(data);
} }
); });
socket.on( socket.on("names", (data) => {
"names", if (typeof data === "object") {
function(data) {
client.names(data); client.names(data);
} }
); });
socket.on("changelog", function() { socket.on("changelog", () => {
changelog.fetch((data) => { changelog.fetch((data) => {
socket.emit("changelog", data); socket.emit("changelog", data);
}); });
}); });
socket.on("msg:preview:toggle", function(data) { socket.on("msg:preview:toggle", (data) => {
if (typeof data !== "object") {
return;
}
const networkAndChan = client.find(data.target); const networkAndChan = client.find(data.target);
if (!networkAndChan) { if (!networkAndChan) {