author | John McLear <john@mclear.co.uk> | 2014-11-18 14:56:40 +0000 |
---|---|---|
committer | John McLear <john@mclear.co.uk> | 2014-11-18 14:56:40 +0000 |
commit | 3e8f3cd938995a75e5146a149bf339dd5603416f (patch) | |
tree | 4d5f6059f22cbffd0243c357ff125ecff6e51c43 /src/node/hooks/express/adminplugins.js | |
parent | ff603d7b586f4a8d675e30d8ff659f5c189afd5a (diff) | |
download | etherpad-lite-3e8f3cd938995a75e5146a149bf339dd5603416f.zip |
hrm I dont trust this security
Diffstat (limited to 'src/node/hooks/express/adminplugins.js')
-rw-r--r-- | src/node/hooks/express/adminplugins.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/node/hooks/express/adminplugins.js b/src/node/hooks/express/adminplugins.js
index b348c023..ccc100dc 100644
--- a/src/node/hooks/express/adminplugins.js
+++ b/src/node/hooks/express/adminplugins.js
@@ -24,8 +24,9 @@ exports.expressCreateServer = function (hook_name, args, cb) {
 exports.socketio = function (hook_name, args, cb) {
 var io = args.io.of("/pluginfw/installer");
 io.on('connection', function (socket) {
- console.warn("THIS IS BROKEN", socket.handshake);
- if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
+
+ console.warn ("The middleware now handles auth but I'm not convinced SocketIO is being responsible enough here so this needs reviewing before hitting master");
+ // if (!socket.handshake.session || !socket.handshake.session.user || !socket.handshake.session.user.is_admin) return;
 socket.on("getInstalled", function (query) {
 // send currently installed plugins |
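Review bot: With the `is_admin` test commented out, the `connection` handler on `/pluginfw/installer` no longer checks authorization itself, so `getInstalled` and any handlers registered after it outside this hunk rely entirely on the HTTP middleware having covered the Socket.IO handshake, which the new warning text itself says is unverified. Express route middleware is not guaranteed to run for a websocket upgrade or a namespace connect, so the handler should fail closed, e.g. `if (!isAdminSession(socket)) { socket.disconnect(); return; }`, where `isAdminSession` is a placeholder for however the session is resolved after the middleware change. The commented-out line and the per-connection `console.warn` would be better replaced by a short comment naming where authorization for this namespace is enforced. The `connection` callback continues past the end of the hunk, so the full set of exposed events is not visible here.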