Merge pull request #896 from thecodingmachine/fixXss
FIX: calling emitPlayGlobalMessage in pusher without the admin tag will throw an error
commit
71898bff7d
@ -510,19 +510,6 @@ export class SocketManager {
|
||||
return this.rooms;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param token
|
||||
*/
|
||||
/*searchClientByUuid(uuid: string): ExSocketInterface | null {
|
||||
for(const socket of this.sockets.values()){
|
||||
if(socket.userUuid === uuid){
|
||||
return socket;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}*/
|
||||
|
||||
|
||||
public handleQueryJitsiJwtMessage(user: User, queryJitsiJwtMessage: QueryJitsiJwtMessage) {
|
||||
const room = queryJitsiJwtMessage.getJitsiroom();
|
||||
|
@ -364,6 +364,10 @@ export class SocketManager implements ZoneEventListener {
|
||||
}
|
||||
|
||||
emitPlayGlobalMessage(client: ExSocketInterface, playglobalmessage: PlayGlobalMessage) {
|
||||
if (!client.tags.includes('admin')) {
|
||||
//In case of xss injection, we just kill the connection.
|
||||
throw 'Client is not an admin!';
|
||||
}
|
||||
const pusherToBackMessage = new PusherToBackMessage();
|
||||
pusherToBackMessage.setPlayglobalmessage(playglobalmessage);
|
||||
|
||||
|
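Review bot: The new guard at the top of `emitPlayGlobalMessage` throws a bare string, so a caller that narrows with `instanceof Error` will not recognise it and no stack trace is captured; prefer `throw new Error('Client is not an admin!');`. The comment says the connection is killed, but nothing in the hunk closes the socket. Whether that happens depends on how the caller handles the exception, which is outside the hunk, so confirm it there and log the rejected attempt so that repeated tries are visible. The check is an authorization gate on `client.tags`, not sanitisation of the message content, so the comment would be more accurate as `// Only admins may broadcast a global message; reject anyone else.`. If the back end accepts `PusherToBackMessage` without re-checking the sender's role, the same check presumably belongs there too. The function body continues past the end of the hunk.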