diff --git a/public/src/app.js b/public/src/app.js
index 2e9b479ba6..1ea9bb1976 100644
--- a/public/src/app.js
+++ b/public/src/app.js
@@ -92,7 +92,7 @@ app.cacheBuster = null;
 switch(url_parts[0]) {
 case 'user':
- room = 'user/' + ajaxify.data ? ajaxify.data.theirid : 0;
+ room = 'user/' + (ajaxify.data ? ajaxify.data.theirid : 0);
 break;
 case 'topic':
 room = 'topic_' + url_parts[1];
diff --git a/src/socket.io/meta.js b/src/socket.io/meta.js
index 1e1843a1ca..f0c9dd58ae 100644
--- a/src/socket.io/meta.js
+++ b/src/socket.io/meta.js
@@ -59,6 +59,10 @@ SocketMeta.rooms.enter = function(socket, data, callback) {
 return callback(new Error('[[error:invalid-data]]'));
 }
+ if (data.enter) {
+ data.enter = data.enter.toString();
+ }
+ if (data.enter && data.enter.startsWith('uid_') && data.enter !== 'uid_' + socket.uid) {
 return callback(new Error('[[error:not-allowed]]'));
 }
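Review bot: The parenthesised ternary on the `case 'user':` line guards only against a missing `ajaxify.data`; when the object exists but carries no `theirid`, the room becomes the literal string `user/undefined`. If any user/* page can reach this with `theirid` unset, fall back on the field itself: `room = 'user/' + ((ajaxify.data && ajaxify.data.theirid) || 0);`. The switch and its enclosing function start and end outside the hunk, so the other cases are not reviewed here. Because this room name is assembled in the browser, the server-side handler has to keep treating it as untrusted input.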
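Review bot: `data.enter.toString()` in the added block still trusts the shape of a client-supplied value. An object whose own `toString` property is not a function makes the call throw inside the handler, and an array is coerced into a comma-joined room name instead of being refused. Rejecting anything that is not a string is stricter and keeps the `uid_` ownership check on a known type: `if (data.enter && typeof data.enter !== 'string') { return callback(new Error('[[error:invalid-data]]')); }`. The rest of SocketMeta.rooms.enter lies outside the hunk, so it cannot be seen whether other fields of `data` are read later without a similar type check.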