ambiser
/
openvidu
mirror of https://github.com/OpenVidu/openvidu.git
8
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

openvidu-server: check param customSessionId (alphanumeric string)

pull/391/head
pabloFuente 2020-02-04 11:11:15 +01:00
parent 189c6264c2
commit c2da80429e
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
View File

@ -140,6 +140,11 @@ public class SessionRestController {
builder = builder.mediaMode(MediaMode.ROUTED); builder = builder.mediaMode(MediaMode.ROUTED);
} }
if (customSessionId != null && !customSessionId.isEmpty()) { if (customSessionId != null && !customSessionId.isEmpty()) {
if (!sessionManager.formatChecker.isValidCustomSessionId(customSessionId)) {
return this.generateErrorResponse(
"Parameter \"customSessionId\" is wrong. Must be an alphanumeric string",
"/api/sessions", HttpStatus.BAD_REQUEST);
}
builder = builder.customSessionId(customSessionId); builder = builder.customSessionId(customSessionId);
} }
builder = builder.defaultCustomLayout((defaultCustomLayout != null) ? defaultCustomLayout : ""); builder = builder.defaultCustomLayout((defaultCustomLayout != null) ? defaultCustomLayout : "");

5
openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java
View File

@ -29,4 +29,9 @@ public class FormatChecker {
return true; return true;
} }
public boolean isValidCustomSessionId(String customSessionId) {
// Alphanumeric string
return customSessionId.matches("[a-zA-Z0-9]+");
}
} }