prosody
87dd8639f08f
util/mercurial.lua
Software / code / prosody
File
util/mercurial.lua @ 13843:87dd8639f08f 13.0
mod_invites_register: Stricter validation of registration events
This fixes two problems:
1) Account invites that were created with a specific username were not
in fact restricted to that username.
2) Password reset invites were not restricted to resetting passwords,
but could be used to create an arbitrary new account if the client
or registration frontend (e.g. mod_invites_register_web) doesn't
handle/enforce the username.
This new validation ensures that registrations and resets are always for the
username specified in the invitation.
| author | Matthew Wild <mwild1@gmail.com> |
|---|---|
| date | Thu, 10 Apr 2025 16:07:32 +0100 |
| parent | 10533:a6cc5b844d7b |
line wrap: on
line source
local lfs = require"lfs"; local hg = { }; function hg.check_id(path) if lfs.attributes(path, 'mode') ~= "directory" then return nil, "not a directory"; end local hg_dirstate = io.open(path.."/.hg/dirstate"); local hgid, hgrepo if hg_dirstate then hgid = ("%02x%02x%02x%02x%02x%02x"):format(hg_dirstate:read(6):byte(1, 6)); hg_dirstate:close(); local hg_changelog = io.open(path.."/.hg/store/00changelog.i"); if hg_changelog then hg_changelog:seek("set", 0x20); hgrepo = ("%02x%02x%02x%02x%02x%02x"):format(hg_changelog:read(6):byte(1, 6)); hg_changelog:close(); end else local hg_archival,e = io.open(path.."/.hg_archival.txt"); -- luacheck: ignore 211/e if hg_archival then local repo = hg_archival:read("*l"); local node = hg_archival:read("*l"); hg_archival:close() hgid = node and node:match("^node: (%x%x%x%x%x%x%x%x%x%x%x%x)") hgrepo = repo and repo:match("^repo: (%x%x%x%x%x%x%x%x%x%x%x%x)") end end return hgid, hgrepo; end return hg;
