[mirotalksfu] - fix open redirect

Miroslav Pejic
2025-02-10 20:10:39 +01:00
الأصل b01d874641
التزام 50e6dfa38c
5 ملفات معدلة مع 29 إضافات و14 حذوفات


@@ -58,7 +58,7 @@ dev dependencies: {
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
* @version 1.7.25 * @version 1.7.26
* *
*/ */
@@ -416,12 +416,22 @@ function startServer() {
}); });
return res.status(400).send({ status: 404, message: err.message }); // Bad request return res.status(400).send({ status: 404, message: err.message }); // Bad request
} }
if (req.path.substr(-1) === '/' && req.path.length > 1) {
// Remove multiple leading slashes & normalize path
let cleanPath = req.path.replace(/^\/+/, ''); // Removes all leading slashes
let query = req.url.slice(req.path.length); let query = req.url.slice(req.path.length);
res.redirect(301, req.path.slice(0, -1) + query);
} else { // Prevent open redirect attacks by checking if the path is an external domain
next(); if (/^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}/.test(cleanPath)) {
return res.status(400).send('Bad Request: Potential Open Redirect Detected');
} }
// If a trailing slash exists, redirect to a clean version
if (req.path.endsWith('/') && req.path.length > 1) {
return res.redirect(301, '/' + cleanPath + query);
}
next();
}); });
// OpenID Connect - Dynamically set baseURL based on incoming host and protocol // OpenID Connect - Dynamically set baseURL based on incoming host and protocol
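Review bot: The trailing-slash redirect at `return res.redirect(301, '/' + cleanPath + query);` never removes the trailing slash — `cleanPath` only strips leading slashes — so a request for `/foo/` is redirected to `/foo/`, which re-enters the same branch and loops until the client gives up; the removed `req.path.slice(0, -1)` did that stripping. The leading-slash normalization should also cover backslashes, since browsers treat a `/\host` target like `//host` and the hostname regex on the `if (/^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}/` line does not match a path that begins with a backslash. That regex also runs on every request rather than only on redirects, so a first path segment containing a dot (a static file such as `favicon.ico`, for instance) would be answered with 400 unless a static handler runs earlier in the chain; once the redirect target is forced to a single leading slash the check can be confined to the redirect branch or dropped. The enclosing middleware and `startServer()` begin before the hunk.
```javascript
// Strip every leading slash and backslash so the redirect target is always a same-origin path
// (browsers treat "/\host" the same as "//host").
const cleanPath = req.path.replace(/^[\/\\]+/, '');
const query = req.url.slice(req.path.length);
// … unchanged: hostname heuristic check …
if (req.path.endsWith('/') && req.path.length > 1) {
    // Drop the trailing slash(es); otherwise the target re-enters this branch forever
    return res.redirect(301, '/' + cleanPath.replace(/\/+$/, '') + query);
}
next();
```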


@@ -1,6 +1,6 @@
{ {
"name": "mirotalksfu", "name": "mirotalksfu",
"version": "1.7.25", "version": "1.7.26",
"description": "WebRTC SFU browser-based video calls", "description": "WebRTC SFU browser-based video calls",
"main": "Server.js", "main": "Server.js",
"scripts": { "scripts": {
@@ -58,7 +58,7 @@
}, },
"dependencies": { "dependencies": {
"@mattermost/client": "10.2.0", "@mattermost/client": "10.2.0",
"@sentry/node": "^8.54.0", "@sentry/node": "^9.0.0",
"axios": "^1.7.9", "axios": "^1.7.9",
"colors": "1.4.0", "colors": "1.4.0",
"compression": "1.7.5", "compression": "1.7.5",
@@ -90,7 +90,7 @@
"mocha": "^11.1.0", "mocha": "^11.1.0",
"node-fetch": "^3.3.2", "node-fetch": "^3.3.2",
"nodemon": "^3.1.9", "nodemon": "^3.1.9",
"prettier": "3.4.2", "prettier": "3.5.0",
"proxyquire": "^2.1.3", "proxyquire": "^2.1.3",
"should": "^13.2.3", "should": "^13.2.3",
"sinon": "^19.0.2" "sinon": "^19.0.2"


@@ -64,7 +64,7 @@ let BRAND = {
}, },
about: { about: {
imageUrl: '../images/mirotalk-logo.gif', imageUrl: '../images/mirotalk-logo.gif',
title: '<strong>WebRTC SFU v1.7.25</strong>', title: '<strong>WebRTC SFU v1.7.26</strong>',
html: ` html: `
<button <button
id="support-button" id="support-button"


@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
* @version 1.7.25 * @version 1.7.26
* *
*/ */
@@ -4905,7 +4905,7 @@ function showAbout() {
position: 'center', position: 'center',
imageUrl: BRAND.about?.imageUrl && BRAND.about.imageUrl.trim() !== '' ? BRAND.about.imageUrl : image.about, imageUrl: BRAND.about?.imageUrl && BRAND.about.imageUrl.trim() !== '' ? BRAND.about.imageUrl : image.about,
customClass: { image: 'img-about' }, customClass: { image: 'img-about' },
title: BRAND.about?.title && BRAND.about.title.trim() !== '' ? BRAND.about.title : 'WebRTC SFU v1.7.25', title: BRAND.about?.title && BRAND.about.title.trim() !== '' ? BRAND.about.title : 'WebRTC SFU v1.7.26',
html: ` html: `
<br /> <br />
<div id="about"> <div id="about">


@@ -9,7 +9,7 @@
* @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com * @author Miroslav Pejic - miroslav.pejic.85@gmail.com
* @version 1.7.25 * @version 1.7.26
* *
*/ */
@@ -8967,7 +8967,12 @@ class RoomClient {
} catch (error) { } catch (error) {
switch (error.code) { switch (error.code) {
case 'quota_not_enough': case 'quota_not_enough':
this.msgPopup('warning', 'Youve reached your quota limit for this demo account. Please consider upgrading for more features.', 6000, 'top'); this.msgPopup(
'warning',
'Youve reached your quota limit for this demo account. Please consider upgrading for more features.',
6000,
'top',
);
break; break;
// ... // ...
default: default: