Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_websocket: Clone stanza before mutating (fixes #1398) 0.11
authorKim Alvefur <zash@zash.se>
Sat, 20 Jul 2019 04:19:58 +0200
branch0.11
changeset 10096 4b3c129e96f2
parent 10064 7a36b7ac309b
child 10101 1f45d316b222
child 10215 224e681c4db2
mod_websocket: Clone stanza before mutating (fixes #1398) Checking for `stanza.attr.xmlns == nil` to determine if the stanza object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the `jabber:client` or `jabbber:server` namespace) or some other stream element. Since this mutation is not reverted, it may leak to other places and cause them to mistreat stanzas as stream elements. Especially in cases like MUC where a single stanza is broadcast to many recipients.
plugins/mod_websocket.lua file | annotate | diff | comparison | revisions 
--- a/plugins/mod_websocket.lua	Mon Jul 08 02:46:27 2019 +0200
+++ b/plugins/mod_websocket.lua	Sat Jul 20 04:19:58 2019 +0200
@@ -285,6 +285,7 @@
 	end);
 
 	add_filter(session, "stanzas/out", function(stanza)
+		stanza = st.clone(stanza);
 		local attr = stanza.attr;
 		attr.xmlns = attr.xmlns or xmlns_client;
 		if stanza.name:find("^stream:") then
prosody