| Commit message | Author | Age | Files | Lines |
| |
This ensures that we support responses without a content-length header, and
allow streaming them through the streaming handler interface. An example of
such a response would be Server-Sent Events streams.
|
Also touching on how arrays are indistinguishable from tables in Lua
|
Full-URI references are not implemented
|
Piped through `sort -g`
|
Passes with memory, internal, sqlite
Fails with postgres as in #1766
|
This happens if the account is new and doesn't have any bookmarks
yet, which is not a problem.
Rarely seen since most clients currently use the older version of
XEP-0084 stored in XEP-0049 rather than in PEP, but at least one
(Converse.js) does.
One scenario in which this would show up often is with Converse.js as a
guest chat using anonymous authentication, where all "accounts" would
always be new and not have any bookmarks. This scenario probably does
not need to have mod_bookmarks at all, but if enabled globally it would
likely become loaded onto the VirtualHost unless explicitly disabled.
|
The JSON Schema specification says that schemas are objects or booleans,
and that the 'type' property is optional and can be an array.
This module previously allowed bare type names as schemas and did not
really handle booleans.
It now handles missing 'type' properties and boolean 'true' as a schema.
Objects and arrays are guessed based on the presence of 'properties' or
'items' field.
|
MattJ reported a curious issue where validation did not work as
expected. Primarily that the "type" field was expected to be mandatory,
and thus leaving it out would result in no checks being performed.
This was likely caused by misreading during initial development.
Spent some time testing against
https://github.com/json-schema-org/JSON-Schema-Test-Suite.git and
discovered a multitude of issues, far too many to bother splitting into
separate commits.
More than half of them fail. Many because of features not implemented,
which have been marked NYI. For example, some require deep comparisons
e.g. when objects or arrays are present in enums fields.
Some because of quirks with how Lua differs from JavaScript, e.g. no
distinct array or object types. Tests involving fractional floating
point numbers. We're definitely not going to follow references to remote
resources. Or deal with UTF-16 silliness. One test asserted that 1.0 is
an integer, where Lua 5.3+ will disagree.
|
Example values from RFC 6901
|
The second return value is (not insensibly) assumed to be an error. Instead of
returning a value there in the success case, copy the positional arguments
into the existing opts table.
|
Words, sometimes I wonder how they even work
Maybe I missed something.
|
These should generally be safe to just ignore, which should be the
default behavior of Expat and LuaExpat
|
Fixes that a multi-line string ended up "like\
\9this" instead of "like\nthis" as can be demonstrated by somehow
initiating a connection to an HTTP server.
|
A boolean false should blow up.
|
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nonetheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
|
Previously this would end up passing the "max" directly to the
underlying storage.
|
This method is a bit complex so good to have some test coverage
|
Allows reuse of repetitive definitions in schemas.
|
The other invocations use it that way, and the only listener in trunk
which uses it (in mod_presence) expects it that way.
Passing the username of the JID from the removed entry causes incorrect
unavailable presence stanzas to be sent, allegedly kicking people off
MUCs.
Fixes #1121.
|
There was an off-by-one in the modulo calculation. Switching to a plain
old array-table makes the apparent size of the queue wrong, but since
some of the queue may not be available this is likely for the best.
|
Meant to be used in mod_smacks for XEP-0198
Meant to have a larger virtual size than actual number of items stored,
on the theory that in most cases, the excess will be acked before needed
for a resumption event.
|
Amazing how string.format behaves differently under each Lua version
|
The more tests I made, the more Lua 5.1 quirks I discovered.
Tests generated using a tool plus some touch-up.
|
Ie. log("debug", "%d", "\1\2\3") should not result in garbage.
Also optimizing for the common case of ASCII string passed to %s and
early returns everywhere.
Returning nil from a gsub callback keeps the original substring.
|
Should prevent invalid UTF-8 from making it into the logs, which can
cause trouble with terminals or log viewers or other tools, such as when
grep determines that log files are binary.
|
Including the payload of the stanza that caused the error is optional
and we're generally not doing it anywhere else.
|
The numeric error codes seem to have been removed from the examples in
XEP-0045 version 1.24, and were deprecated even by RFC 3920 in 2004,
only allowed for backwards compatibility.
|
Running woken runners in the next iteration of the event loop prevents
unexpected recursion, unexpected tracebacks, and is generally more
predictable.
The pattern is borrowed from util.promise, where we're now doing the same.
|
No scheduler set by default, so it will error (we plan to initialize it in
util.startup).
We wanted to avoid a hard dependency on util.timer (which in turn depends on
network backends, etc.), and we didn't add timer.sleep() because we didn't
want to add a hard dependency on util.async for things that don't need it.
|
Could not reproduce locally but it complained in CI that
> spec/util_promise_spec.lua:676: Cannot spy on type 'nil', only on functions or callable elements
|
Down the rabbit hole we go...
|
Assumes that most number fields are integers, as most numeric types
listed in XEP-0122 are, as are all such fields in Prosody as of this.
Otherwise %g produces something like 1.1259e+15
|
So they're separate from the datetime tests, and any future validation
tests
|
Makes it symmetric with parsing.
|
Makes more sense than coercing to a string, which would always be
truthy.
|
Clients would generally be using the "max" symbol instead of discovering
this, but this also gets us validation and earlier rejection of out of
bounds values.
|