From b1516ea8f0c1121b47eae70e9f18755298026a60 Mon Sep 17 00:00:00 2001 From: Kim Alvefur Date: Sat, 2 Nov 2019 15:39:01 +0100 Subject: core.sessionmanager: Require that client-requested resources pass strict resourceprep --- core/sessionmanager.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/sessionmanager.lua') diff --git a/core/sessionmanager.lua b/core/sessionmanager.lua index a62db906..6c005fcd 100644 --- a/core/sessionmanager.lua +++ b/core/sessionmanager.lua @@ -150,7 +150,7 @@ local function bind_resource(session, resource) resource = event_payload.resource; end - resource = resourceprep(resource or ""); + resource = resourceprep(resource or "", true); resource = resource ~= "" and resource or generate_identifier(); --FIXME: Randomly-generated resources must be unique per-user, and never conflict with existing -- cgit v1.2.3