From eddf86f430cfaebf41030e61041678cf29052bbd Mon Sep 17 00:00:00 2001
From: Juan Navarro <juan.navarro@gmx.es>
Date: Fri, 28 Jan 2022 14:16:04 +0100
Subject: [PATCH] openvidu-server: sanitize string for custom ConnectionId

---
 .../src/main/java/io/openvidu/server/core/SessionManager.java  | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java b/openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java
index 84653b01..9821b2a2 100644
--- a/openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java
+++ b/openvidu-server/src/main/java/io/openvidu/server/core/SessionManager.java
@@ -342,11 +342,12 @@ public abstract class SessionManager {
 			try {
 				JsonObject serverMetadataJson = JsonParser.parseString(serverMetadata).getAsJsonObject();
 				String customConnectionId = serverMetadataJson.get("openviduCustomConnectionId").getAsString();
+				customConnectionId = customConnectionId.replaceAll("\\W", ""); // Remove all non-word characters: [^A-Za-z0-9_]
 				customConnectionId = customConnectionId.replaceAll(IdentifierPrefixes.PARTICIPANT_PUBLIC_ID, "");
 				tokenObj.setConnectionId(IdentifierPrefixes.PARTICIPANT_PUBLIC_ID + customConnectionId);
 			} catch (Exception e) {
 				log.debug(
-						"Tried to parse server metadata as JSON after encountering \"openviduCustomConnectionId\" string but failed with {}: {}",
+						"Tried to parse server metadata as JSON after encountering \"openviduCustomConnectionId\" string, but failed with {}: {}",
 						e.getClass().getCanonicalName(), e.getMessage());
 			}
 		}