aboutsummaryrefslogtreecommitdiffstats
path: root/plugins/mod_auth_insecure.lua
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2019-07-20 04:19:58 +0200
committerKim Alvefur <zash@zash.se>2019-07-20 04:19:58 +0200
commit0d6f101a496bf5aa5bb827432270030192c1e5c8 (patch)
treed3e14031365c5059107e696d558e1750ca1e1cb5 /plugins/mod_auth_insecure.lua
parente22a26259927efe96a2808964e98f1dd42a573e5 (diff)
downloadprosody-0d6f101a496bf5aa5bb827432270030192c1e5c8.tar.gz
prosody-0d6f101a496bf5aa5bb827432270030192c1e5c8.zip
mod_websocket: Clone stanza before mutating (fixes #1398)
Checking for `stanza.attr.xmlns == nil` to determine if the stanza object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the `jabber:client` or `jabbber:server` namespace) or some other stream element. Since this mutation is not reverted, it may leak to other places and cause them to mistreat stanzas as stream elements. Especially in cases like MUC where a single stanza is broadcast to many recipients.
Diffstat (limited to 'plugins/mod_auth_insecure.lua')
0 files changed, 0 insertions, 0 deletions