Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | mod_storage_xep0227: Skip self-contacts on roster import | Matthew Wild | 2022-01-14 | 1 | -11/+15 |
| | |||||
* | util.xml: Do not allow doctypes, comments or processing instructions | Jonas Schäfer | 2022-01-10 | 2 | -3/+56 |
| | Yes. This is as bad as it sounds. CVE pending. In Prosody itself, this only affects mod_websocket, which uses util.xml to parse the <open/> frame, thus allowing unauthenticated remote DoS using Billion Laughs. However, third-party modules using util.xml may also be affected by this. This commit installs handlers which disallow the use of doctype declarations and processing instructions without any escape hatch. It, by default, also introduces such a handler for comments, however, there is a way to enable comments nonetheless. This is because util.xml is used to parse human-facing data, where comments are generally a desirable feature, and also because comments are generally harmless. | ||||
* | mod_http_file_share: Always measure total disk usage for statistics! | Kim Alvefur | 2022-01-11 | 1 | -49/+46 |
| | Metrics available or not depending on configuration is weird, even tho it might be expensive to calculate and it's only really needed when there is a global quota. Default quota is set to infinity, which is essentially what it was. Reports NaN if there is an error, which should count as over the infinite default quota. | ||||
* | mod_bookmarks: Fix traceback on attempt to convert invalid bookmark | Kim Alvefur | 2022-01-11 | 1 | -4/+9 |
| | Found by accidentally publishing {urn:xmpp:bookmarks:0}conference instead of :1 due to testing this earlier for the blocking. By the principle of garbage in, garbage out, just generate a bookmark from the item id / JID and carry on with a warning. | ||||
* | mod_bookmarks: Block publishing to older XEP-0402 v0.3.0 node | Kim Alvefur | 2022-01-10 | 1 | -1/+8 |
| | Having both the :0 and :1 nodes would be especially awkward, since there is no upgrade path for this case. In theory, these should be rare since no clients should have been doing XEP-0402 unless mod_bookmarks(2) was enabled. This was guesstimated to be rare with most clients doing XEP-0048 with Private XML. | ||||
* | mod_storage_xep0227: Fix writing non-user data | Kim Alvefur | 2022-01-10 | 1 | -2/+3 |
| | Attempt to concatenate nil 'user'. Not much data actually makes sense but the migrator tries to write or clear these. | ||||
* | mod_storage_xep0227: Ignore luacheck warning | Matthew Wild | 2022-01-10 | 1 | -1/+1 |
| | |||||
* | mod_storage_xep0227: Support for exporting nodes with no stored configuration | Matthew Wild | 2022-01-10 | 1 | -0/+3 |
| | |||||
* | mod_storage_xep0227: Allow overriding the input/output layer for XEP-0227 data | Matthew Wild | 2022-01-10 | 1 | -27/+49 |
| | This can (and will) be used to support in-memory import/export functions. | ||||
* | mod_bookmarks: Skip migration of legacy data when empty | Kim Alvefur | 2022-01-10 | 1 | -1/+1 |
| | Should save some cycles and not log the debug message on every login. | ||||
* | mod_bookmarks: Make sure legacy bookmarks node exists to hold access model | Kim Alvefur | 2022-01-10 | 1 | -19/+28 |
| | |||||
* | mod_bookmarks: Broadcast notifications per XEP-0048 and XEP-0411 | Kim Alvefur | 2022-01-09 | 2 | -0/+43 |
| | For compatibility with clients relying on the notifications | ||||
* | util.prosodyctl.cert: Fix boolean logic bug | Kim Alvefur | 2022-01-09 | 1 | -1/+1 |
| | Boolean logic, never correct on the first try. We want to skip copying the same cert if it _has_ been imported already, not if it has not. | ||||
* | migrator: Support pubsub and pep as a special-case | Kim Alvefur | 2022-01-09 | 2 | -10/+25 |
| | This sorta overloads the type suffix but PEP is used for enough stuff to justify this hack | ||||
* | migrator: Enhance logging | Kim Alvefur | 2022-01-09 | 1 | -4/+11 |
| | |||||
* | migrator: Add option to keep going despite errors | Kim Alvefur | 2022-01-09 | 1 | -0/+14 |
| | |||||
* | migrator: Also migrate host/non-user archive data | Kim Alvefur | 2022-01-09 | 1 | -3/+2 |
| | Needed for things like mod_http_file_share | ||||
* | migrator: Refactor out individual item migrator for code deduplication | Kim Alvefur | 2022-01-09 | 1 | -16/+18 |
| | |||||
* | migrator: Include --options in usage info | Kim Alvefur | 2022-01-09 | 1 | -1/+4 |
| | |||||
* | migrator: Reuse earlier usage text | Kim Alvefur | 2022-01-09 | 1 | -3/+7 |
| | |||||
* | migrator: Customise cli argument parsing (--help, --verbose) | Kim Alvefur | 2022-01-09 | 1 | -1/+8 |
| | Previously -v etc would do nothing and --config without argument would not have worked correctly. | ||||
* | util.startup: Allow supplying argument parsing settings | Kim Alvefur | 2022-01-09 | 1 | -2/+2 |
| | The 'prosody' global is not global this early so there was no way to override the process type field or argument parsing settings from outside, e.g. from the migrator. | ||||
* | util.prosodyctl.check: Parameterize replacement instructions | Kim Alvefur | 2022-01-08 | 1 | -11/+25 |
| | This ought to make it easier to translate in the future. And easier to reword, now! | ||||
* | util.prosodyctl.check: Move word to ease future translations | Kim Alvefur | 2022-01-08 | 1 | -13/+13 |
| | Recent experience with translations in the context of Snikket highlighted that sentences spread across concatenated strings like this make the experience less than pleasant for translators. We don't have translation yet, but it is a future goal and why not? The duplication can be solved with a parameterized function for the common cases. | ||||
* | util.prosodyctl.check: Use same wording about 'daemonize' and 'no_daemonize' | Kim Alvefur | 2022-01-08 | 1 | -1/+1 |
| | Why would they use different wording? | ||||
* | mod_bookmarks: Add option for disabling upgrade of legacy bookmarks | Kim Alvefur | 2022-01-08 | 1 | -1/+3 |
| | Might be nice to reduce amount of things happening on connect once all users have upgraded | ||||
* | mod_bookmarks: Unhook PEP service objects on removal from cache | Kim Alvefur | 2022-01-08 | 1 | -1/+4 |
| | See 1dc00ca6ee9d | ||||
* | util.pposix: Use mallinfo2() on glibc 2.33, fix #1649 | Kim Alvefur | 2022-01-06 | 1 | -5/+12 |
| | |||||
* | util.pubsub: Fix item store resize to "max" | Kim Alvefur | 2022-01-06 | 4 | -1/+28 |
| | Previously this would end up passing the "max" directly to the underlying storage. | ||||
* | mod_bookmarks: Override the node configuration if it was wrong | Emmanuel Gil Peyrot | 2022-01-06 | 1 | -0/+20 |
| | |||||
* | mod_invites: Comment on module loading for HTTP invite URLs | Kim Alvefur | 2022-01-05 | 1 | -0/+1 |
| | |||||
* | core.certmanager: Disable DANE name checks (not needed for XMPP) | Kim Alvefur | 2021-09-16 | 1 | -1/+1 |
| | Pending https://github.com/brunoos/luasec/pull/179 Should not be done globally, but rather only for s2sout, but that would have to be in mod_tls then. | ||||
* | mod_bookmarks: Remove compatibility with 0.11 | Emmanuel Gil Peyrot | 2022-01-04 | 1 | -6/+0 |
| | |||||
* | mod_bookmarks: Import mod_bookmarks2 from prosody-modules @ ad7767a9f3ea | Emmanuel Gil Peyrot | 2022-01-04 | 3 | -0/+417 |
| | |||||
* | util.dependencies: Enable warning about missing lua-unbound | Kim Alvefur | 2022-01-05 | 1 | -3/+2 |
| | Packages exist now. | ||||
* | core.modulemanager: Remove compat for mod_console rename in 0.8 | Kim Alvefur | 2022-01-05 | 1 | -7/+0 |
| | Should no longer be needed, especially since mod_admin_telnet morphed into mod_admin_shell and mod_admin_socket | ||||
* | mod_invites_adhoc: Import from prosody-modules@5001104f0275 | Kim Alvefur | 2022-01-05 | 2 | -0/+127 |
| | |||||
* | mod_invites_register: Import from prosody-modules@797b51043767 | Kim Alvefur | 2021-12-29 | 3 | -0/+177 |
| | |||||
* | mod_invites: Silence luacheck warning | Kim Alvefur | 2022-01-05 | 1 | -1/+1 |
| | |||||
* | mod_invites: Import from prosody-modules@5fc306239db3 | Kim Alvefur | 2021-12-27 | 2 | -0/+340 |
| | |||||
* | util.stanza: Cover :find method in tests | Kim Alvefur | 2021-12-31 | 1 | -0/+12 |
| | This method is a bit complex so good to have some test coverage | ||||
* | util.stanza: Remove dead code | Kim Alvefur | 2021-12-31 | 1 | -5/+0 |
| | These cases are caught by `check_text(v, ..)` above. Those errors do not contain the attribute however, which would have been nice. | ||||
* | util.stanza: Increase test coverage to cover validation errors | Kim Alvefur | 2021-12-31 | 1 | -0/+25 |
| | |||||
* | util.stanza: Make type error message consistent with others | Kim Alvefur | 2021-12-31 | 1 | -1/+1 |
| | |||||
* | mod_smacks: Log error to silence luacheck | Kim Alvefur | 2021-12-31 | 1 | -0/+2 |
| | |||||
* | mod_smacks: Limit "old" session resumption counters | Kim Alvefur | 2021-12-31 | 1 | -0/+19 |
| | Doing this when creating a whole new session seems reasonable because it is already expensive and this is when it may be adding to the old session store, while a successful resumption should be plus-minus zero. | ||||
* | mod_smacks: Record timestamp with persisted counters | Kim Alvefur | 2021-12-31 | 1 | -2/+4 |
| | For future cleanup routine when people inevitably complain about this data being stored there forever | ||||
* | util_datamapper: Fix typo in unit tests | Kim Alvefur | 2021-12-29 | 1 | -1/+1 |
| | |||||
* | util.datamapper: Add support for $ref pointers | Kim Alvefur | 2021-12-29 | 3 | -40/+81 |
| | Allows reuse of repetitive definitions in schemas. | ||||
* | util.jsonschema: Add support for $ref pointers | Kim Alvefur | 2021-12-29 | 2 | -44/+70 |
| |