public-offering
/
pad.pub0.org
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: public-offering:develop
Branches Tags
public-offering:dependabot/npm_and_yarn/src/bin/doc/marked-9.1.5
public-offering:develop
public-offering:master
public-offering:feature/bun
public-offering:feature/plugin-viewer
public-offering:fix-admintests-rebased
public-offering:rhansen-sendkeys
public-offering:socket47
public-offering:fix-admintests
public-offering:feature/partial-typescript
public-offering:test-formidable
public-offering:feature/esm
public-offering:npm-v-test
public-offering:npm-bump
public-offering:feature/typescript
public-offering:feature/rollup
public-offering:bisect-plugins
public-offering:test-ueberdb-ts
public-offering:deps1
public-offering:updateleg
public-offering:lockfileV3
public-offering:fix/install-only-production-dependencies
public-offering:npm
public-offering:f3
public-offering:fix/windows-pipeline
public-offering:bump-package-lock
public-offering:bump-ueberdb
public-offering:omit-dev-dependencies
public-offering:package-lock-npm8
public-offering:test-alex-contribution
public-offering:rhansen-chat
public-offering:prohibit-padid-reads
public-offering:minify-threads
public-offering:jquery-update
public-offering:rhansen-webpack
public-offering:fix-textlinesmutator
public-offering:rhansen-changeset
public-offering:jm-dont-focus-when-embedded
public-offering:jm-timeslider-cursplice-fix
public-offering:jm-ol-after-ul
public-offering:rhansen-collab_client
public-offering:fix-express-errorhandling
public-offering:fix-adminupdateplugins
public-offering:fix-copy-bold
public-offering:disable-cache-for-tests
public-offering:refactoring
public-offering:fix-flaky-adminsettings-test
public-offering:pr-4979-for-frontend-tests
public-offering:changelog-add-note-to-plugindevs
public-offering:test-number-of-files
public-offering:export-indent-list-items
public-offering:test-long-list-performance
public-offering:cookie-namespace
public-offering:collab-tests-sl
public-offering:restore-responsiveness-test
public-offering:session-creation-tests
public-offering:frontend-test-line-alignment
public-offering:windows-ci-azure-network-share
public-offering:ace-patch-works-in-chromium
public-offering:working-ace-patch
public-offering:allow-global-etherpadHooks
public-offering:use-less-requests
public-offering:stats-gauges
public-offering:checkPlugins-migrate-from-travis
public-offering:list-test-fix
public-offering:release-script-version
public-offering:admin-tests
public-offering:rhansen-ace2editor
public-offering:mochawesome
public-offering:3227-tests
public-offering:promise-clean-css
public-offering:r-p-opts
public-offering:image-example
public-offering:page-down-up-bugfix
public-offering:only-one-package.json
public-offering:update-sendkeys
public-offering:socket-padid-in-header
public-offering:lint-changeset-files
public-offering:caching-middleware-duplicate-compress
public-offering:lint-AttributePool
public-offering:scroll-to-line-with-scroll.js
public-offering:eplite-cc-and-import-tests
public-offering:plugins-hanging
public-offering:use-rehype-minify-whitespace
public-offering:fix-spaces-bug
public-offering:no-duplicated-packages
public-offering:webdriver-selenium
public-offering:native-events
public-offering:fix-lost-spaces
public-offering:multi-pad-test
public-offering:travis-docker-fix
public-offering:changelog-187
public-offering:export-html-hooks
public-offering:export-etherpad-hooks
public-offering:lint-package-lock
public-offering:fix-css-inlining
public-offering:test-responsivness
public-offering:readd-comments-to-tests
public-offering:docker-travis
public-offering:debug-self-signed-cert
public-offering:debug-select-formatting
public-offering:update-ueber-mssql
public-offering:temp-remove-safari
public-offering:tests-ff-longer
public-offering:readonly-pad-export-tests
public-offering:testing-something-on-resposiveness-test
public-offering:even-slower-safari
public-offering:test-plugins
public-offering:check-backend-plugin-tests
public-offering:test-node-version
public-offering:safari-is-slow
public-offering:testings
public-offering:ep_hash_auth_in_core_tests
public-offering:import-doc-line-breaks
public-offering:ci-for-line-numbers
public-offering:sl-browser-killed
public-offering:bisect-responsivness
public-offering:bugfix-doc-import
public-offering:fix-responsivnesstest
public-offering:integrate-easysync-tests
public-offering:fix-connection-diagnostics
public-offering:saucelabs-parallel
public-offering:Gared-robots.txt
public-offering:dont-run-sauce-tunnel-for-all-tests
public-offering:travis-conditional
public-offering:replace-package-files
public-offering:socketio230v2
public-offering:outdent-ol-on-click
public-offering:fuzz-test-fixes
public-offering:revert-4055-new-chrome-testing-hack-slash-workaround
public-offering:backend-test
public-offering:gateway-timeout-during-tests
public-offering:update_html10n
public-offering:fix/export-wildcards
public-offering:fix/adjust_loading_animation
public-offering:fix-#3157
public-offering:export-author-color
public-offering:deb-package-builder
public-offering:getATtriuteOnSelection-extend
public-offering:remove-sessions-script
public-offering:some-documentation
public-offering:fix-export-regressions
public-offering:prefetch
public-offering:compress-contents-on-startup
public-offering:requirejs
public-offering:express-require
public-offering:requirejs-noiframe
public-offering:iframes-must-die
public-offering:i18n
public-offering:static-versions
public-offering:import-export-improvements
public-offering:blocks-for-custom-script-and-styles
public-offering:cheerio
public-offering:browserify
public-offering:tmp-socketio-debug-resource
public-offering:switch-to-pad
public-offering:use-jsdom
public-offering:only-fire-change-events-once
public-offering:swipe-gestures
public-offering:try/client-init-remove-checkRep
public-offering:image
public-offering:support-images
public-offering:fix/group-export
public-offering:fix/settings-file-arg-absolute
public-offering:toolbarItemsInSettings
public-offering:fix-timeslider
public-offering:test/changeset_req-assertions
public-offering:test/add-assertions-cs_req
public-offering:feature/npm-worker
public-offering:logfilefix
public-offering:indentation
public-offering:fix/admin-settings-json
public-offering:fix-ol-indent
public-offering:clean-css-update
public-offering:html-export-nesting
public-offering:handleClientMessageTimesliderHook
public-offering:drag-to-bottom
public-offering:session-spam-database
public-offering:session-on-timeslider
public-offering:caret-refactor
public-offering:feature/message-domains
public-offering:re-enable-cookies
public-offering:feature/test_ctrl_z
public-offering:fix-import-error
public-offering:authorID-in-userlist
public-offering:webrtc-experiment
public-offering:fix/rtl-option
public-offering:err-on-bad-data
public-offering:releases-1.1.2
public-offering:releases-1.1.1
public-offering:v1.9.4
public-offering:1.9.4
public-offering:v1.9.3
public-offering:1.9.3
public-offering:v1.9.2
public-offering:1.9.2
public-offering:v1.9.1
public-offering:1.9.1
public-offering:v1.9.0
public-offering:1.9.0
public-offering:1.8.18
public-offering:1.8.17
public-offering:1.8.16
public-offering:1.8.15
public-offering:1.8.14
public-offering:1.8.13
public-offering:1.8.12
public-offering:1.8.11
public-offering:1.8.10
public-offering:1.8.9
public-offering:1.8.8
public-offering:1.8.7
public-offering:1.8.6
public-offering:1.8.5
public-offering:1.8.4
public-offering:1.8.3
public-offering:1.8.0
public-offering:1.8.0-beta.1
public-offering:1.7.5
public-offering:1.7.0
public-offering:1.6.6
public-offering:1.6.5
public-offering:1.6.4
public-offering:1.6.3
public-offering:1.6.2
public-offering:1.6.1
public-offering:1.6.0
public-offering:1.5.7
public-offering:1.5.6
public-offering:1.5.5
public-offering:1.5.4
public-offering:1.5.3
public-offering:1.5.2
public-offering:1.5.1
public-offering:1.5.0
public-offering:1.5.0d
public-offering:1.4.1
public-offering:1.4.0
public-offering:1.4.0-rc1
public-offering:1.3.0
public-offering:1.2.12
public-offering:1.2.11
public-offering:1.2.10
public-offering:1.2.91
public-offering:1.2.9
public-offering:1.2.81
public-offering:1.2.8
public-offering:1.2.7
public-offering:1.2.6
public-offering:1.2.5
public-offering:1.2.4
public-offering:1.2.3
public-offering:1.2.2
public-offering:1.2.1
public-offering:1.2.0
public-offering:1.1.5
public-offering:1.1.4
public-offering:1.1.3
public-offering:1.1.2
public-offering:1.1.1
public-offering:1.0
...
pull from: public-offering:prohibit-padid-reads
Branches Tags
public-offering:dependabot/npm_and_yarn/src/bin/doc/marked-9.1.5
public-offering:develop
public-offering:master
public-offering:feature/bun
public-offering:feature/plugin-viewer
public-offering:fix-admintests-rebased
public-offering:rhansen-sendkeys
public-offering:socket47
public-offering:fix-admintests
public-offering:feature/partial-typescript
public-offering:test-formidable
public-offering:feature/esm
public-offering:npm-v-test
public-offering:npm-bump
public-offering:feature/typescript
public-offering:feature/rollup
public-offering:bisect-plugins
public-offering:test-ueberdb-ts
public-offering:deps1
public-offering:updateleg
public-offering:lockfileV3
public-offering:fix/install-only-production-dependencies
public-offering:npm
public-offering:f3
public-offering:fix/windows-pipeline
public-offering:bump-package-lock
public-offering:bump-ueberdb
public-offering:omit-dev-dependencies
public-offering:package-lock-npm8
public-offering:test-alex-contribution
public-offering:rhansen-chat
public-offering:prohibit-padid-reads
public-offering:minify-threads
public-offering:jquery-update
public-offering:rhansen-webpack
public-offering:fix-textlinesmutator
public-offering:rhansen-changeset
public-offering:jm-dont-focus-when-embedded
public-offering:jm-timeslider-cursplice-fix
public-offering:jm-ol-after-ul
public-offering:rhansen-collab_client
public-offering:fix-express-errorhandling
public-offering:fix-adminupdateplugins
public-offering:fix-copy-bold
public-offering:disable-cache-for-tests
public-offering:refactoring
public-offering:fix-flaky-adminsettings-test
public-offering:pr-4979-for-frontend-tests
public-offering:changelog-add-note-to-plugindevs
public-offering:test-number-of-files
public-offering:export-indent-list-items
public-offering:test-long-list-performance
public-offering:cookie-namespace
public-offering:collab-tests-sl
public-offering:restore-responsiveness-test
public-offering:session-creation-tests
public-offering:frontend-test-line-alignment
public-offering:windows-ci-azure-network-share
public-offering:ace-patch-works-in-chromium
public-offering:working-ace-patch
public-offering:allow-global-etherpadHooks
public-offering:use-less-requests
public-offering:stats-gauges
public-offering:checkPlugins-migrate-from-travis
public-offering:list-test-fix
public-offering:release-script-version
public-offering:admin-tests
public-offering:rhansen-ace2editor
public-offering:mochawesome
public-offering:3227-tests
public-offering:promise-clean-css
public-offering:r-p-opts
public-offering:image-example
public-offering:page-down-up-bugfix
public-offering:only-one-package.json
public-offering:update-sendkeys
public-offering:socket-padid-in-header
public-offering:lint-changeset-files
public-offering:caching-middleware-duplicate-compress
public-offering:lint-AttributePool
public-offering:scroll-to-line-with-scroll.js
public-offering:eplite-cc-and-import-tests
public-offering:plugins-hanging
public-offering:use-rehype-minify-whitespace
public-offering:fix-spaces-bug
public-offering:no-duplicated-packages
public-offering:webdriver-selenium
public-offering:native-events
public-offering:fix-lost-spaces
public-offering:multi-pad-test
public-offering:travis-docker-fix
public-offering:changelog-187
public-offering:export-html-hooks
public-offering:export-etherpad-hooks
public-offering:lint-package-lock
public-offering:fix-css-inlining
public-offering:test-responsivness
public-offering:readd-comments-to-tests
public-offering:docker-travis
public-offering:debug-self-signed-cert
public-offering:debug-select-formatting
public-offering:update-ueber-mssql
public-offering:temp-remove-safari
public-offering:tests-ff-longer
public-offering:readonly-pad-export-tests
public-offering:testing-something-on-resposiveness-test
public-offering:even-slower-safari
public-offering:test-plugins
public-offering:check-backend-plugin-tests
public-offering:test-node-version
public-offering:safari-is-slow
public-offering:testings
public-offering:ep_hash_auth_in_core_tests
public-offering:import-doc-line-breaks
public-offering:ci-for-line-numbers
public-offering:sl-browser-killed
public-offering:bisect-responsivness
public-offering:bugfix-doc-import
public-offering:fix-responsivnesstest
public-offering:integrate-easysync-tests
public-offering:fix-connection-diagnostics
public-offering:saucelabs-parallel
public-offering:Gared-robots.txt
public-offering:dont-run-sauce-tunnel-for-all-tests
public-offering:travis-conditional
public-offering:replace-package-files
public-offering:socketio230v2
public-offering:outdent-ol-on-click
public-offering:fuzz-test-fixes
public-offering:revert-4055-new-chrome-testing-hack-slash-workaround
public-offering:backend-test
public-offering:gateway-timeout-during-tests
public-offering:update_html10n
public-offering:fix/export-wildcards
public-offering:fix/adjust_loading_animation
public-offering:fix-#3157
public-offering:export-author-color
public-offering:deb-package-builder
public-offering:getATtriuteOnSelection-extend
public-offering:remove-sessions-script
public-offering:some-documentation
public-offering:fix-export-regressions
public-offering:prefetch
public-offering:compress-contents-on-startup
public-offering:requirejs
public-offering:express-require
public-offering:requirejs-noiframe
public-offering:iframes-must-die
public-offering:i18n
public-offering:static-versions
public-offering:import-export-improvements
public-offering:blocks-for-custom-script-and-styles
public-offering:cheerio
public-offering:browserify
public-offering:tmp-socketio-debug-resource
public-offering:switch-to-pad
public-offering:use-jsdom
public-offering:only-fire-change-events-once
public-offering:swipe-gestures
public-offering:try/client-init-remove-checkRep
public-offering:image
public-offering:support-images
public-offering:fix/group-export
public-offering:fix/settings-file-arg-absolute
public-offering:toolbarItemsInSettings
public-offering:fix-timeslider
public-offering:test/changeset_req-assertions
public-offering:test/add-assertions-cs_req
public-offering:feature/npm-worker
public-offering:logfilefix
public-offering:indentation
public-offering:fix/admin-settings-json
public-offering:fix-ol-indent
public-offering:clean-css-update
public-offering:html-export-nesting
public-offering:handleClientMessageTimesliderHook
public-offering:drag-to-bottom
public-offering:session-spam-database
public-offering:session-on-timeslider
public-offering:caret-refactor
public-offering:feature/message-domains
public-offering:re-enable-cookies
public-offering:feature/test_ctrl_z
public-offering:fix-import-error
public-offering:authorID-in-userlist
public-offering:webrtc-experiment
public-offering:fix/rtl-option
public-offering:err-on-bad-data
public-offering:releases-1.1.2
public-offering:releases-1.1.1
public-offering:v1.9.4
public-offering:1.9.4
public-offering:v1.9.3
public-offering:1.9.3
public-offering:v1.9.2
public-offering:1.9.2
public-offering:v1.9.1
public-offering:1.9.1
public-offering:v1.9.0
public-offering:1.9.0
public-offering:1.8.18
public-offering:1.8.17
public-offering:1.8.16
public-offering:1.8.15
public-offering:1.8.14
public-offering:1.8.13
public-offering:1.8.12
public-offering:1.8.11
public-offering:1.8.10
public-offering:1.8.9
public-offering:1.8.8
public-offering:1.8.7
public-offering:1.8.6
public-offering:1.8.5
public-offering:1.8.4
public-offering:1.8.3
public-offering:1.8.0
public-offering:1.8.0-beta.1
public-offering:1.7.5
public-offering:1.7.0
public-offering:1.6.6
public-offering:1.6.5
public-offering:1.6.4
public-offering:1.6.3
public-offering:1.6.2
public-offering:1.6.1
public-offering:1.6.0
public-offering:1.5.7
public-offering:1.5.6
public-offering:1.5.5
public-offering:1.5.4
public-offering:1.5.3
public-offering:1.5.2
public-offering:1.5.1
public-offering:1.5.0
public-offering:1.5.0d
public-offering:1.4.1
public-offering:1.4.0
public-offering:1.4.0-rc1
public-offering:1.3.0
public-offering:1.2.12
public-offering:1.2.11
public-offering:1.2.10
public-offering:1.2.91
public-offering:1.2.9
public-offering:1.2.81
public-offering:1.2.8
public-offering:1.2.7
public-offering:1.2.6
public-offering:1.2.5
public-offering:1.2.4
public-offering:1.2.3
public-offering:1.2.2
public-offering:1.2.1
public-offering:1.2.0
public-offering:1.1.5
public-offering:1.1.4
public-offering:1.1.3
public-offering:1.1.2
public-offering:1.1.1
public-offering:1.0

1 Commits
develop ... prohibit-p

Author SHA1 Message Date
webzwo0i 1d395bf70b PadMessageHandler: prohibit reading of message.data.padId 2022-02-24 00:14:25 +01:00
1 changed files with 6 additions and 0 deletions
Show Stats Expand all files Collapse all files

6
src/node/handler/PadMessageHandler.js
View File

@ -250,6 +250,12 @@ exports.handleMessage = async (socket, message) => {
throw new Error('message.padId must not be accessed (for security reasons)');
}});
if (message.data) {
Object.defineProperty(message.data, 'padId', {get: () => {
throw new Error('message.data.padId must not be accessed (for security reasons)');
}});
}
const auth = thisSession.auth;
if (!auth) {
const ip = settings.disableIPlogging ? 'ANONYMOUS' : (socket.request.ip || '<unknown>');