libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-02-01 03:12:42 +01:00
Code Issues Projects Releases Wiki Activity

Validate all 'author' attribs of incoming changesets to be the same value as the current user's authorId

Browse source
This commit is contained in:
Marcel Klehr 2013-03-13 22:23:35 +01:00
parent acb4b4ebaf
commit c30b0b72b8
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/node/handler/PadMessageHandler.js
View file

@ -550,11 +550,16 @@ function handleUserChanges(client, message)
throw "Attribute pool is missing attribute "+n+" for changeset "+changeset; throw "Attribute pool is missing attribute "+n+" for changeset "+changeset;
} }
}); });
// Validate all 'author' attribs to be the same value as the current user
wireApool.eachAttrib(function(type, value) {
if('author' == type && value != thisSession.author) throw "Trying to submit changes as another author"
})
} }
catch(e) catch(e)
{ {
// There is an error in this changeset, so just refuse it // There is an error in this changeset, so just refuse it
console.warn("Can't apply USER_CHANGES "+changeset+", because it failed checkRep"); console.warn("Can't apply USER_CHANGES "+changeset+", because: "+e);
client.json.send({disconnect:"badChangeset"}); client.json.send({disconnect:"badChangeset"});
return; return;
} }