prosody
4b3c129e96f2
plugins/mod_websocket.lua
Software / code / prosody
Comparison
plugins/mod_websocket.lua @ 10092:4b3c129e96f2 0.11
mod_websocket: Clone stanza before mutating (fixes #1398)
Checking for `stanza.attr.xmlns == nil` to determine if the stanza
object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the
`jabber:client` or `jabbber:server` namespace) or some other stream
element.
Since this mutation is not reverted, it may leak to other places and
cause them to mistreat stanzas as stream elements. Especially in cases
like MUC where a single stanza is broadcast to many recipients.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 20 Jul 2019 04:19:58 +0200 |
| parent | 9805:7bfc4269dc36 |
| child | 10097:1f45d316b222 |
| child | 10581:10d6d0d91f4e |
comparison
equal
deleted
inserted
replaced
| 10060:7a36b7ac309b | 10092:4b3c129e96f2 |
|---|---|
| 283 end | 283 end |
| 284 return t_concat(cache, ""); | 284 return t_concat(cache, ""); |
| 285 end); | 285 end); |
| 286 | 286 |
| 287 add_filter(session, "stanzas/out", function(stanza) | 287 add_filter(session, "stanzas/out", function(stanza) |
| 288 stanza = st.clone(stanza); | |
| 288 local attr = stanza.attr; | 289 local attr = stanza.attr; |
| 289 attr.xmlns = attr.xmlns or xmlns_client; | 290 attr.xmlns = attr.xmlns or xmlns_client; |
| 290 if stanza.name:find("^stream:") then | 291 if stanza.name:find("^stream:") then |
| 291 attr["xmlns:stream"] = attr["xmlns:stream"] or xmlns_streams; | 292 attr["xmlns:stream"] = attr["xmlns:stream"] or xmlns_streams; |
| 292 end | 293 end |
