matty/peertube-plugin-livechat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Temporary security fix for #332: rollback of v8.3.1:

Browse Source 
* Setting video owner as room owner as side effects. Like leaking the instance moderator/admin list. And maybe others.
  * So we rollback this feature, waiting for a better way to allow room admins/moderators to change room settings.
  * As a consequence, users that are not Peertube moderator/administrator can't change the slow mode configuration without deleting/recreating the room. This will be fixed in a later plugin version.
This commit is contained in:
John Livingston
2024-03-01 15:25:29 +01:00
parent 97b85be4ad
commit f5b9ffe616
38 changed files with 254 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/lib/prosody/config/affiliations.ts
View File

@ -53,7 +53,7 @@ async function _addAffiliationByChannelId (
} else {
const userJid = username + '@' + prosodyDomain
if (!(userJid in r)) { // don't override if already owner!
r[userJid] = 'owner'
r[userJid] = 'admin'
}
}
} catch (error) {
@ -65,7 +65,7 @@ async function getVideoAffiliations (options: RegisterServerOptions, video: MVid
const prosodyDomain = await getProsodyDomain(options)
const r = await _getCommonAffiliations(options, prosodyDomain)
// Adding an 'owner' affiliation for video owner
// Adding an affiliation for video owner
if (!video.remote) {
// don't add the video owner if it is a remote video!
await _addAffiliationByChannelId(options, prosodyDomain, r, video.channelId)