view loader.lua @ 14150:2a66728d9e29 13.0 13.0.5

mod_proxy65: Consistently apply authorization checks The module checked for authorization when a client asked for the address:port of the proxy service. It did not check for authorization when processing a request to activate a bytestream. This meant that any unauthenticated party able to guess the IP/port and XMPP domain of a proxy65 service (generally low difficulty) would be able to use the proxy to relay traffic between two connections. This factors out the permission check, and applies it to every request type.
author Matthew Wild <mwild1@gmail.com>
date Wed, 29 Apr 2026 11:40:43 +0100
parents ef586363d90f
children 76ece4dd9782
line wrap: on
line source

-- Allow for both require"util.foo" and require"prosody.util.foo" for a
-- transition period while we update all require calls.

if (...) == "prosody.loader" then
	-- For require"util.foo" also look in paths equivalent to "prosody.util.foo"
	package.path = package.path:gsub("([^;]*)(?[^;]*)", "%1prosody/%2;%1%2");
	package.cpath = package.cpath:gsub("([^;]*)(?[^;]*)", "%1prosody/%2;%1%2");
else
	-- When requiring "prosody.x", also look for "x"
	for i = #package.searchers, 1, -1 do
		local search = package.searchers[i];
		table.insert(package.searchers, i, function(module_name)
			local lib = module_name:match("^prosody%.(.*)$");
			if lib then
				return search(lib);
			end
		end)
	end
end

-- Look for already loaded module with or without prefix
setmetatable(package.loaded, {
	__index = function(loaded, module_name)
		local suffix = module_name:match("^prosody%.(.*)$");
		if suffix then
			return rawget(loaded, suffix);
		end
		local prefixed = rawget(loaded, "prosody." .. module_name);
		if prefixed ~= nil then
			return prefixed;
		end
	end;
})