[mirotalksfu] - improvements

2024-08-06 12:34:46 +02:00
--- a/public/js/Common.js
+++ b/public/js/Common.js
@@ -222,9 +222,10 @@ function joinRoom() {
        return;
    }
    if (!roomValid) {
-        alert('Invalid Room name!\nMust be a UUID4 or an ALPHANUMERIC string without special characters.');
+        alert('Invalid Room name!\nPath traversal pattern detected!');
        return;
    }
+
    window.location.href = '/join/' + roomName;
    window.localStorage.lastRoom = roomName;
 }
@@ -233,9 +234,8 @@ function isValidRoomName(input) {
    if (typeof input !== 'string') {
        return false;
    }
-    const pattern =
-        /^(?:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}|[A-Za-z0-9-_]+)$/;
-    return pattern.test(input);
+    const pathTraversalPattern = /(\.\.(\/|\\))+/;
+    return !pathTraversalPattern.test(input);
 }

 function adultContent() {
--- a/public/js/Room.js
+++ b/public/js/Room.js
@@ -11,7 +11,7 @@ if (location.href.substr(0, 5) !== 'https') location.href = 'https' + location.h
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.41
+ * @version 1.5.42
 *
 */

@@ -4335,7 +4335,7 @@ function showAbout() {
        imageUrl: image.about,
        customClass: { image: 'img-about' },
        position: 'center',
-        title: 'WebRTC SFU v1.5.41',
+        title: 'WebRTC SFU v1.5.42',
        html: `
        <br />
        <div id="about">
--- a/public/js/RoomClient.js
+++ b/public/js/RoomClient.js
@@ -9,7 +9,7 @@
 * @license For commercial or closed source, contact us at license.mirotalk@gmail.com or purchase directly via CodeCanyon
 * @license CodeCanyon: https://codecanyon.net/item/mirotalk-sfu-webrtc-realtime-video-conferences/40769970
 * @author  Miroslav Pejic - miroslav.pejic.85@gmail.com
- * @version 1.5.41
+ * @version 1.5.42
 *
 */

@@ -400,9 +400,7 @@ class RoomClient {
            .then(async (room) => {
                console.log('##### JOIN ROOM #####', room);
                if (room === 'invalid') {
-                    console.log(
-                        '00-WARNING ----> Room is Invalid! Must be a UUID4 or an ALPHANUMERIC string without special characters or spaces',
-                    );
+                    console.log('00-WARNING ----> Invalid Room name! Path traversal pattern detected!');
                    return this.roomInvalid();
                }
                if (room === 'notAllowed') {
@@ -6178,7 +6176,7 @@ class RoomClient {
            background: swalBackground,
            imageUrl: image.forbidden,
            title: 'Oops, Room not valid',
-            text: 'Invalid room name! Must be a UUID4 or an ALPHANUMERIC string without special characters or spaces',
+            text: 'Invalid Room name! Path traversal pattern detected!',
            confirmButtonText: `OK`,
            showClass: { popup: 'animate__animated animate__fadeInDown' },
            hideClass: { popup: 'animate__animated animate__fadeOutUp' },