Software / code / prosody
Changeset
10092:4b3c129e96f2 0.11
mod_websocket: Clone stanza before mutating (fixes #1398)
Checking for `stanza.attr.xmlns == nil` to determine if the stanza
object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the
`jabber:client` or `jabbber:server` namespace) or some other stream
element.
Since this mutation is not reverted, it may leak to other places and
cause them to mistreat stanzas as stream elements. Especially in cases
like MUC where a single stanza is broadcast to many recipients.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Sat, 20 Jul 2019 04:19:58 +0200 |
| parents | 10060:7a36b7ac309b |
| children | 10097:1f45d316b222 10211:224e681c4db2 |
| files | plugins/mod_websocket.lua |
| diffstat | 1 files changed, 1 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/plugins/mod_websocket.lua Mon Jul 08 02:46:27 2019 +0200 +++ b/plugins/mod_websocket.lua Sat Jul 20 04:19:58 2019 +0200 @@ -285,6 +285,7 @@ end); add_filter(session, "stanzas/out", function(stanza) + stanza = st.clone(stanza); local attr = stanza.attr; attr.xmlns = attr.xmlns or xmlns_client; if stanza.name:find("^stream:") then
