Software / code / prosody
Annotate
util/hex.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 12355:a0ff5c438e9d |
Changesets referenced by the annotation:

| rev | changeset | author | parents | description |
|---|---|---|---|---|
| 6375 | 76d8907d5301 | Matthew Wild <mwild1@gmail.com> | | util.hex: Small util lib for converting to/from hex strings |
| 6545 | ec566d7cd518 | Kim Alvefur <zash@zash.se> | 6384 | util.hex: Pedantic optimization, 1 table lookup per byte instead of 3 function calls makes it go faster |
| 6802 | 442019e955dc | Kim Alvefur <zash@zash.se> | 6545 | util.hex: Normalize hex to lowercase and discard non-hex input |
| 12355 | a0ff5c438e9d | Matthew Wild <mwild1@gmail.com> | 6802 | util.hex: Deprecate to/from in favour of encode/decode, for consistency! |

| rev | line | source |
|---|---|---|
| 6375 | 1 | `local s_char = string.char;` |
| 6545 | 2 | `local s_format = string.format;` |
| 6545 | 3 | `local s_gsub = string.gsub;` |
| 6802 | 4 | `local s_lower = string.lower;` |
| 6545 | 5 | |
| 6545 | 6 | `local char_to_hex = {};` |
| 6545 | 7 | `local hex_to_char = {};` |
| 6375 | 8 | |
| 6545 | 9 | `do` |
| 6545 | 10 | `local char, hex;` |
| 6545 | 11 | `for i = 0,255 do` |
| 6545 | 12 | `char, hex = s_char(i), s_format("%02x", i);` |
| 6545 | 13 | `char_to_hex[char] = hex;` |
| 6545 | 14 | `hex_to_char[hex] = char;` |
| 6545 | 15 | `end` |
| 6375 | 16 | `end` |
| 6375 | 17 | |
| 6384 | 18 | `local function to(s)` |
| 6545 | 19 | `return (s_gsub(s, ".", char_to_hex));` |
| 6375 | 20 | `end` |
| 6375 | 21 | |
| 6384 | 22 | `local function from(s)` |
| 6802 | 23 | `return (s_gsub(s_lower(s), "%X*(%x%x)%X*", hex_to_char));` |
| 6375 | 24 | `end` |
| 6375 | 25 | |
| 12355 | 26 | `return {` |
| 12355 | 27 | `encode = to, decode = from;` |
| 12355 | 28 | `-- COMPAT w/pre-0.12:` |
| 12355 | 29 | `to = to, from = from;` |
| 12355 | 30 | `};` |
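The decode pattern on line 23 of the listing only consumes non-hex characters that sit next to a complete hex pair; an unpaired nibble or a run with no pair in it is copied to the output unchanged instead of raising an error. The following is an added example, not code from the Prosody repository: it rebuilds the same lookup table and pattern so it runs stand-alone, and `decode_strict` is a hypothetical wrapper for callers that decode hex from untrusted input (digests, tokens) and need malformed input rejected.

```lua
-- Added example. decode() mirrors the pattern used by util.hex;
-- decode_strict() is a hypothetical helper, not part of util.hex.
local hex_to_char = {};
for i = 0, 255 do
	hex_to_char[string.format("%02x", i)] = string.char(i);
end

-- Lenient decoder, same gsub pattern as line 23 of the listing.
local function decode(s)
	return (string.gsub(string.lower(s), "%X*(%x%x)%X*", hex_to_char));
end

-- Strict variant: accept only an even-length string of hex digits.
-- Returns nil plus an error string on anything else.
local function decode_strict(s)
	if type(s) ~= "string" then
		return nil, "not-a-string";
	elseif #s % 2 ~= 0 then
		return nil, "odd-length";
	elseif s:find("%X") then
		return nil, "non-hex-character";
	end
	return decode(s);
end

-- Constructed inputs showing where the two decoders differ.
assert(decode("48656C6C6F") == "Hello");            -- uppercase is normalized
assert(decode("48:65:6c") == "Hel");                -- separators next to pairs are dropped
assert(decode("abc") == string.char(0xab) .. "c");  -- trailing nibble passes through as text
assert(decode("zz") == "zz");                       -- no pair present: input returned as-is

assert(decode_strict("48656c6c6f") == "Hello");
assert(decode_strict("") == "");
assert(decode_strict("48:65:6c") == nil);
assert(decode_strict("abc") == nil);
assert(decode_strict("zz") == nil);
print("all checks passed");
```

With the lenient decoder, a length check on the decoded result is the only sign that the input was malformed, so callers comparing decoded digests should validate the hex string before decoding.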