# HG changeset patch # User Kim Alvefur # Date 1572705541 -3600 # Node ID 04c4750ff8d22d869bc47f71edd29176fc25efb9 # Parent 4c36bc28b99e79473d1bb62a469a89281f622794 core.sessionmanager: Require that client-requested resources pass strict resourceprep diff -r 4c36bc28b99e -r 04c4750ff8d2 core/sessionmanager.lua --- a/core/sessionmanager.lua Sat Nov 02 15:29:13 2019 +0100 +++ b/core/sessionmanager.lua Sat Nov 02 15:39:01 2019 +0100 @@ -150,7 +150,7 @@ resource = event_payload.resource; end - resource = resourceprep(resource or ""); + resource = resourceprep(resource or "", true); resource = resource ~= "" and resource or generate_identifier(); --FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing