Merge pull request #2088 from thelounge/xpaw/harden-server-events
Ignore events on the server if incorrect data is supplied
This commit is contained in:
commit
863e9b0b48
@ -284,39 +284,35 @@ function initializeClient(socket, client, token, lastMessage) {
|
|||||||
client.clientDetach(socket.id);
|
client.clientDetach(socket.id);
|
||||||
});
|
});
|
||||||
|
|
||||||
socket.on(
|
socket.on("input", (data) => {
|
||||||
"input",
|
if (typeof data === "object") {
|
||||||
function(data) {
|
|
||||||
client.input(data);
|
client.input(data);
|
||||||
}
|
}
|
||||||
);
|
});
|
||||||
|
|
||||||
socket.on(
|
socket.on("more", (data) => {
|
||||||
"more",
|
if (typeof data === "object") {
|
||||||
function(data) {
|
|
||||||
const history = client.more(data);
|
const history = client.more(data);
|
||||||
|
|
||||||
if (history !== null) {
|
if (history !== null) {
|
||||||
socket.emit("more", history);
|
socket.emit("more", history);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
);
|
});
|
||||||
|
|
||||||
socket.on(
|
socket.on("conn", (data) => {
|
||||||
"conn",
|
if (typeof data === "object") {
|
||||||
function(data) {
|
|
||||||
// prevent people from overriding webirc settings
|
// prevent people from overriding webirc settings
|
||||||
data.ip = null;
|
data.ip = null;
|
||||||
data.hostname = null;
|
data.hostname = null;
|
||||||
|
|
||||||
client.connect(data);
|
client.connect(data);
|
||||||
}
|
}
|
||||||
);
|
});
|
||||||
|
|
||||||
if (!Helper.config.public && !Helper.config.ldap.enable) {
|
if (!Helper.config.public && !Helper.config.ldap.enable) {
|
||||||
socket.on(
|
socket.on("change-password", (data) => {
|
||||||
"change-password",
|
if (typeof data === "object") {
|
||||||
function(data) {
|
|
||||||
const old = data.old_password;
|
const old = data.old_password;
|
||||||
const p1 = data.new_password;
|
const p1 = data.new_password;
|
||||||
const p2 = data.verify_password;
|
const p2 = data.verify_password;
|
||||||
@ -362,37 +358,36 @@ function initializeClient(socket, client, token, lastMessage) {
|
|||||||
log.error(`Error while checking users password. Error: ${error}`);
|
log.error(`Error while checking users password. Error: ${error}`);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
);
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
socket.on(
|
socket.on("open", (data) => {
|
||||||
"open",
|
|
||||||
function(data) {
|
|
||||||
client.open(socket.id, data);
|
client.open(socket.id, data);
|
||||||
}
|
});
|
||||||
);
|
|
||||||
|
|
||||||
socket.on(
|
socket.on("sort", (data) => {
|
||||||
"sort",
|
if (typeof data === "object") {
|
||||||
function(data) {
|
|
||||||
client.sort(data);
|
client.sort(data);
|
||||||
}
|
}
|
||||||
);
|
});
|
||||||
|
|
||||||
socket.on(
|
socket.on("names", (data) => {
|
||||||
"names",
|
if (typeof data === "object") {
|
||||||
function(data) {
|
|
||||||
client.names(data);
|
client.names(data);
|
||||||
}
|
}
|
||||||
);
|
});
|
||||||
|
|
||||||
socket.on("changelog", function() {
|
socket.on("changelog", () => {
|
||||||
changelog.fetch((data) => {
|
changelog.fetch((data) => {
|
||||||
socket.emit("changelog", data);
|
socket.emit("changelog", data);
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
socket.on("msg:preview:toggle", function(data) {
|
socket.on("msg:preview:toggle", (data) => {
|
||||||
|
if (typeof data !== "object") {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
const networkAndChan = client.find(data.target);
|
const networkAndChan = client.find(data.target);
|
||||||
|
|
||||||
if (!networkAndChan) {
|
if (!networkAndChan) {
|
||||||
|
Loading…
Reference in New Issue
Block a user