mod_websocket: Clone stanza before mutating (fixes #1398)

Checking for `stanza.attr.xmlns == nil` to determine if the stanza object is an actual stanza (`<message>`, `<presence>` or `<iq>` in the `jabber:client` or `jabbber:server` namespace) or some other stream element. Since this mutation is not reverted, it may leak to other places and cause them to mistreat stanzas as stream elements. Especially in cases like MUC where a single stanza is broadcast to many recipients.
author: Kim Alvefur <zash@zash.se> 2019-07-20 04:19:58 +0200
committer: Kim Alvefur <zash@zash.se> 2019-07-20 04:19:58 +0200
commit: 022198143dcc0d586030d183ac8ca3368ff6172b (patch)
tree: d3e14031365c5059107e696d558e1750ca1e1cb5 /plugins
parent: 5399b9b9057f8202ceb25e933d10e1825383bc99 (diff)
download: prosody-022198143dcc0d586030d183ac8ca3368ff6172b.tar.gz
prosody-022198143dcc0d586030d183ac8ca3368ff6172b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/plugins/mod_websocket.lua b/plugins/mod_websocket.lua
index b4aba338..686a8981 100644
--- a/plugins/mod_websocket.lua
+++ b/plugins/mod_websocket.lua
@@ -285,6 +285,7 @@ function handle_request(event)
 	end);
 
 	add_filter(session, "stanzas/out", function(stanza)
+		stanza = st.clone(stanza);
 		local attr = stanza.attr;
 		attr.xmlns = attr.xmlns or xmlns_client;
 		if stanza.name:find("^stream:") then
author	Kim Alvefur <zash@zash.se>	2019-07-20 04:19:58 +0200
committer	Kim Alvefur <zash@zash.se>	2019-07-20 04:19:58 +0200
commit	022198143dcc0d586030d183ac8ca3368ff6172b (patch)
tree	d3e14031365c5059107e696d558e1750ca1e1cb5 /plugins
parent	5399b9b9057f8202ceb25e933d10e1825383bc99 (diff)
download	prosody-022198143dcc0d586030d183ac8ca3368ff6172b.tar.gz prosody-022198143dcc0d586030d183ac8ca3368ff6172b.zip