From 91c2e5ac25e5a3a5d9ad92a84950cc37a7ac6d12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Fri, 25 Nov 2022 09:02:08 -0500
Subject: [PATCH 1/3] refactor: not deprecated on 2.x
---
 public/src/modules/helpers.common.js | 1 -
 1 file changed, 1 deletion(-)
diff --git a/public/src/modules/helpers.common.js b/public/src/modules/helpers.common.js
index 04ab16c3f8..25907fb446 100644
--- a/public/src/modules/helpers.common.js
+++ b/public/src/modules/helpers.common.js
@@ -181,7 +181,6 @@ module.exports = function (utils, Benchpress, relative_path) {
 }
 function renderTopicEvents(index, sort) {
- console.warn('[renderTopicEvents] deprecated, use a partial at partials/topic/event.tpl');
 if (sort === 'most_votes') {
 return '';
 }
From 0e495f9ea4bde434dd4c2d03ad25509e55475abd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Fri, 25 Nov 2022 14:26:37 -0500
Subject: [PATCH 2/3] fix: #11066, fix custom privilege/path in routePrefixMap will find most specific path
---
 src/privileges/admin.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/privileges/admin.js b/src/privileges/admin.js
index 9c05749caa..1f7255f52a 100644
--- a/src/privileges/admin.js
+++ b/src/privileges/admin.js
@@ -109,8 +109,13 @@ privsAdmin.resolve = (path) => {
 return privsAdmin.routeMap[path];
 }
- const found = Object.entries(privsAdmin.routePrefixMap).find(entry => path.startsWith(entry[0]));
- return found ? found[1] : undefined;
+ const found = Object.entries(privsAdmin.routePrefixMap)
+ .filter(entry => path.startsWith(entry[0]))
+ .sort((entry1, entry2) => entry2[0].length - entry1[0].length);
+ if (!found.length) {
+ return undefined;
+ }
+ return found[0][1]; // [0] is path [1] is privilege
 };
 privsAdmin.list = async function (uid) {
From 48d143921753914da45926cca6370a92ed0c46b8 Mon Sep 17 00:00:00 2001
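Review bot: The longest-prefix selection in `privsAdmin.resolve` still matches with a plain `path.startsWith(entry[0])`, which has no path-segment boundary, so a `routePrefixMap` key that does not end in `/` would also claim sibling routes that merely share its leading characters and hand them its privilege. If keys are meant to be whole path segments (the map itself is not shown here), the filter could enforce that: `.filter(([prefix]) => path.startsWith(prefix) && (prefix.endsWith('/') || path.length === prefix.length || path[prefix.length] === '/'))`. The `undefined` returned when nothing matches also deserves a comment stating that callers must treat it as "no privilege grants access" rather than "no privilege required"; the caller is outside this hunk, so that is worth confirming. The function begins above the hunk.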
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Sun, 27 Nov 2022 19:32:35 -0500
Subject: [PATCH 3/3] fix: prototype vulnerability in socket.io onMessage
---
 src/socket.io/index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 58134ae2e2..b77edbb57d 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -13,7 +13,7 @@ const logger = require('../logger');
 const plugins = require('../plugins');
 const ratelimit = require('../middleware/ratelimit');
-const Namespaces = {};
+const Namespaces = Object.create(null);
 const Sockets = module.exports;
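Review bot: The switch to `Object.create(null)` has no comment explaining why the prototype is dropped, so a later cleanup could quietly turn it back into `{}`; I would add `// null prototype: names looked up here in onMessage must not resolve to inherited properties such as constructor` above the declaration. Judging by the commit subject the lookup lives in `onMessage`, which is outside this hunk; if it walks further into the namespace modules by dotted name, each step there still needs an own-property check, since only the top-level container loses its prototype here. Any existing `Namespaces.hasOwnProperty(...)` call would now throw and should become `Object.prototype.hasOwnProperty.call(Namespaces, key)`.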