openvidu-server: check param customSessionId (alphanumeric string)

2020-02-04 11:11:15 +01:00 · 2020-02-04 11:11:15 +01:00 · c2da80429e
parent 189c6264c2
commit c2da80429e
2 changed files with 11 additions and 1 deletions
--- a/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/rest/SessionRestController.java
@ -140,6 +140,11 @@ public class SessionRestController {
 					builder = builder.mediaMode(MediaMode.ROUTED);
 				}
 				if (customSessionId != null && !customSessionId.isEmpty()) {
+					if (!sessionManager.formatChecker.isValidCustomSessionId(customSessionId)) {
+						return this.generateErrorResponse(
+								"Parameter \"customSessionId\" is wrong. Must be an alphanumeric string",
+								"/api/sessions", HttpStatus.BAD_REQUEST);
+					}
 					builder = builder.customSessionId(customSessionId);
 				}
 				builder = builder.defaultCustomLayout((defaultCustomLayout != null) ? defaultCustomLayout : "");
--- a/openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/utils/FormatChecker.java
@ -29,4 +29,9 @@ public class FormatChecker {
 		return true;
 	}

+	public boolean isValidCustomSessionId(String customSessionId) {
+		// Alphanumeric string
+		return customSessionId.matches("[a-zA-Z0-9]+");
+	}
+
 }