hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: don't crash on objects with toString property

Browse Source
isekai-main
Barış Soner Uşaklı 2 years ago
parent 7397873db3
commit 4d2d76897a
1 changed files with 33 additions and 32 deletions
Show Stats Download Patch File Download Diff File

65
src/socket.io/index.js
Unescape Escape View File

@ -112,48 +112,49 @@ async function onMessage(socket, payload) {
return winston.warn('[socket.io] Empty payload'); return winston.warn('[socket.io] Empty payload');
} }
const eventName = payload.data[0]; let eventName = payload.data[0];
const params = typeof payload.data[1] === 'function' ? {} : payload.data[1]; const params = typeof payload.data[1] === 'function' ? {} : payload.data[1];
const callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {}; const callback = typeof payload.data[payload.data.length - 1] === 'function' ? payload.data[payload.data.length - 1] : function () {};
if (!eventName) { try {
return winston.warn('[socket.io] Empty method name'); if (!eventName) {
} return winston.warn('[socket.io] Empty method name');
}
if (typeof eventName !== 'string') {
const escapedName = validator.escape(String(eventName));
return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
}
const parts = eventName.split('.'); if (typeof eventName !== 'string') {
const namespace = parts[0]; eventName = typeof eventName;
const methodToCall = parts.reduce((prev, cur) => { const escapedName = validator.escape(eventName);
if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) { return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
return prev[cur];
} }
return null;
}, Namespaces);
if (!methodToCall || typeof methodToCall !== 'function') { const parts = eventName.split('.');
if (process.env.NODE_ENV === 'development') { const namespace = parts[0];
winston.warn(`[socket.io] Unrecognized message: ${eventName}`); const methodToCall = parts.reduce((prev, cur) => {
if (prev !== null && prev[cur] && (!prev.hasOwnProperty || prev.hasOwnProperty(cur))) {
return prev[cur];
}
return null;
}, Namespaces);
if (!methodToCall || typeof methodToCall !== 'function') {
if (process.env.NODE_ENV === 'development') {
winston.warn(`[socket.io] Unrecognized message: ${eventName}`);
}
const escapedName = validator.escape(String(eventName));
return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
} }
const escapedName = validator.escape(String(eventName));
return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
}
socket.previousEvents = socket.previousEvents || []; socket.previousEvents = socket.previousEvents || [];
socket.previousEvents.push(eventName); socket.previousEvents.push(eventName);
if (socket.previousEvents.length > 20) { if (socket.previousEvents.length > 20) {
socket.previousEvents.shift(); socket.previousEvents.shift();
} }
if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) { if (!eventName.startsWith('admin.') && ratelimit.isFlooding(socket)) {
winston.warn(`[socket.io] Too many emits! Disconnecting uid : ${socket.uid}. Events : ${socket.previousEvents}`); winston.warn(`[socket.io] Too many emits! Disconnecting uid : ${socket.uid}. Events : ${socket.previousEvents}`);
return socket.disconnect(); return socket.disconnect();
} }
try {
await checkMaintenance(socket); await checkMaintenance(socket);
await validateSession(socket, '[[error:revalidate-failure]]'); await validateSession(socket, '[[error:revalidate-failure]]');

Write Preview
Loading…
Cancel
Save