Software /
code /
prosody
Diff
core/sessionmanager.lua @ 10378:04c4750ff8d2
core.sessionmanager: Require that client-requested resources pass strict resourceprep
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Sat, 02 Nov 2019 15:39:01 +0100 |
parent | 10372:5482f21a18a2 |
child | 10642:de90b2f5da8c |
line wrap: on
line diff
--- a/core/sessionmanager.lua Sat Nov 02 15:29:13 2019 +0100 +++ b/core/sessionmanager.lua Sat Nov 02 15:39:01 2019 +0100 @@ -150,7 +150,7 @@ resource = event_payload.resource; end - resource = resourceprep(resource or ""); + resource = resourceprep(resource or "", true); resource = resource ~= "" and resource or generate_identifier(); --FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing