From 4d2d76897a02e7068ab74c81d17a2febfae8bfb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Tue, 28 Mar 2023 08:08:59 -0400
Subject: [PATCH] fix: don't crash on objects with toString property
---
 src/socket.io/index.js | 65 +++++++++++++++++++++---------------------
 1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 30e4e23581..963267ed9a 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -112,48 +112,49 @@ async function onMessage(socket, payload) {
 return winston.warn('[socket.io] Empty payload');
 }
- const eventName = payload.data[0];
+ let eventName = payload.data[0];
 const params = typeof payload.data[1] === 'function' ? {} : payload.data[1];
 const callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {};
- if (!eventName) {
- return winston.warn('[socket.io] Empty method name');
- }
-
- if (typeof eventName !== 'string') {
- const escapedName = validator.escape(String(eventName));
- return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
- }
+ try {
+ if (!eventName) {
+ return winston.warn('[socket.io] Empty method name');
+ }
- const parts = eventName.split('.');
- const namespace = parts[0];
- const methodToCall = parts.reduce((prev, cur) => {
- if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) {
- return prev[cur];
+ if (typeof eventName !== 'string') {
+ eventName = typeof eventName;
+ const escapedName = validator.escape(eventName);
+ return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
 }
- return null;
- }, Namespaces);
- if (!methodToCall || typeof methodToCall !== 'function') {
- if (process.env.NODE_ENV === 'development') {
- winston.warn(`[socket.io] Unrecognized message: ${eventName}`);
+ const parts = eventName.split('.');
+ const namespace = parts[0];
+ const methodToCall = parts.reduce((prev, cur) => {
+ if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) {
+ return prev[cur];
+ }
+ return null;
+ }, Namespaces);
+
+ if (!methodToCall || typeof methodToCall !== 'function') {
+ if (process.env.NODE_ENV === 'development') {
+ winston.warn(`[socket.io] Unrecognized message: ${eventName}`);
+ }
+ const escapedName = validator.escape(String(eventName));
+ return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
 }
- const escapedName = validator.escape(String(eventName));
- return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
- }
- socket.previousEvents = socket.previousEvents || [];
- socket.previousEvents.push(eventName);
- if (socket.previousEvents.length > 20) {
- socket.previousEvents.shift();
- }
+ socket.previousEvents = socket.previousEvents || [];
+ socket.previousEvents.push(eventName);
+ if (socket.previousEvents.length > 20) {
+ socket.previousEvents.shift();
+ }
- if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
- winston.warn(`[socket.io] Too many emits! Disconnecting uid : ${socket.uid}. Events : ${socket.previousEvents}`);
- return socket.disconnect();
- }
+ if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
+ winston.warn(`[socket.io] Too many emits! Disconnecting uid : ${socket.uid}. Events : ${socket.previousEvents}`);
+ return socket.disconnect();
+ }
- try {
 await checkMaintenance(socket);
 await validateSession(socket, '[[error:revalidate-failure]]');
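Review bot: The own-property guard in the `parts.reduce` walk still calls `prev.hasOwnProperty(cur)` through the object being traversed, and skips the check entirely when that object exposes no `hasOwnProperty`, so the guard depends on whatever each namespace object happens to carry. Because `eventName` is client-supplied and selects which function is invoked, the check should not rely on the target object: `if (prev !== null && Object.prototype.hasOwnProperty.call(prev, cur) && prev[cur]) {`. That form also works if `Namespaces` is a null-prototype object (presumably the reason for the `!prev.hasOwnProperty` branch), and it never resolves a path segment through the prototype chain. `onMessage` starts above the hunk and the `try` opened here closes below it, so the catch handler that now receives these early failures is not visible for review.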