Software / code / prosody
Annotate
util/envload.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 12576:d1aacc6a81ac |
| rev | line source |
|---|---|
|
5020
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
1 -- Prosody IM |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
2 -- Copyright (C) 2008-2011 Florian Zeitz |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
3 -- |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
4 -- This project is MIT/X11 licensed. Please see the |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
5 -- COPYING file in the source package for more information. |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
6 -- |
|
8416
bc9cb23b604a
util.envload: Ignore "undefined variable" warning for loadstring [luacheck with strict 5.2 or 5.3 checks]
Kim Alvefur <zash@zash.se>
parents:
7930
diff
changeset
|
7 -- luacheck: ignore 113/setfenv 113/loadstring |
|
5020
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
8 |
|
12576
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
9 local load = load; |
|
7924
8487fe9fc335
util.envload: Open file here instead of letting loadfile do it so that all return values from io.open can be collected
Kim Alvefur <zash@zash.se>
parents:
7728
diff
changeset
|
10 local io_open = io.open; |
|
5020
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
11 |
|
12576
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
12 local function envload(code, source, env) |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
13 return load(code, source, nil, env); |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
14 end |
|
5020
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
15 |
|
12576
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
16 local function envloadfile(file, env) |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
17 local fh, err, errno = io_open(file); |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
18 if not fh then return fh, err, errno; end |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
19 local f, err = load(fh:lines(2048), "@" .. file, nil, env); |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
20 fh:close(); |
|
d1aacc6a81ac
util.envload: Remove Lua 5.1 method
Kim Alvefur <zash@zash.se>
parents:
8416
diff
changeset
|
21 return f, err; |
|
5020
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
22 end |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
23 |
|
ef1eb65acbba
util.envload: New module to abstract Lua 5.1's setfenv and Lua 5.2's load
Florian Zeitz <florob@babelmonkeys.de>
parents:
diff
changeset
|
24 return { envload = envload, envloadfile = envloadfile }; |
