From 56975d6c639e95c6cb489768ebb065425a6bee7b Mon Sep 17 00:00:00 2001
From: Waqas Hussain <waqas20@gmail.com>
Date: Tue, 22 Nov 2011 02:13:42 +0500
Subject: util.dependencies, util.xmppstream: Move LuaExpat version checking to
 util.dependencies.

---
 util/dependencies.lua | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'util/dependencies.lua')

diff --git a/util/dependencies.lua b/util/dependencies.lua
index 5baea942..53d2719d 100644
--- a/util/dependencies.lua
+++ b/util/dependencies.lua
@@ -136,6 +136,14 @@ function log_warnings()
 			log("error", "This version of LuaSec contains a known bug that causes disconnects, see http://prosody.im/doc/depends");
 		end
 	end
+	if lxp then
+		if not pcall(lxp.new, { StartDoctypeDecl = false }) then
+			log("error", "The version of LuaExpat on your system leaves Prosody "
+				.."vulnerable to denial-of-service attacks. You should upgrade to "
+				.."LuaExpat 1.1.1 or higher as soon as possible. See "
+				.."http://prosody.im/doc/depends#luaexpat for more information.");
+		end
+	end
 end
 
 return _M;
-- 
cgit v1.2.3