SECURITY FIX: Kiwi is vulnerable to XSS attack due to unsanitised topic text. Issue...

[KiwiIRC.git] / server / kiwi.js

diff --git a/server/kiwi.js b/server/kiwi.js
index a4afaa28644c6d89cb7f05820a75a8ad888b53bf..e8dbc73b219ec3f7d6deb21f5591d28f2657a234 100755 (executable)
--- a/server/kiwi.js
+++ b/server/kiwi.js
@@ -4,6 +4,7 @@ var tls = require('tls'),
     net = require('net'),
     http = require('http'),
     https = require('https'),
+    node_static = require('node-static'),
     fs = require('fs'),
     url = require('url'),
     dns = require('dns'),
@@ -96,7 +97,7 @@ this.recode = function () {
     app = null;
     app = require(__dirname + '/app.js');
 
-    var objs = {tls:tls, net:net, http:http, https:https, fs:fs, url:url, dns:dns, crypto:crypto, events:events, util:util, ws:ws, jsp:jsp, pro:pro, _:_, starttls:starttls};
+    var objs = {tls:tls, net:net, http:http, https:https, node_static:node_static, fs:fs, url:url, dns:dns, crypto:crypto, events:events, util:util, ws:ws, jsp:jsp, pro:pro, _:_, starttls:starttls};
     app.init(objs);
     app.rebindIRCCommands();
 
@@ -126,12 +127,11 @@ if (!this.loadConfig()) {
  */
 if (this.config.handle_http) {
     this.fileServer = new (require('node-static').Server)(__dirname + this.config.public_http);
-    this.jade = require('jade');
     this.cache = {alljs: '', html: []};
 }
 this.httpServers = [];
-this.httpHandler = function (request, response, server) {
-    return app.httpHandler(request, response, server);
+this.httpHandler = function (request, response) {
+    return app.httpHandler(request, response);
 }
 
 
@@ -156,6 +156,9 @@ this.websocketDisconnect = function () {
 this.websocketMessage = function (msg, callback) {
     return app.websocketMessage(this, msg, callback);
 }
+this.websocketKiwiMessage = function (msg, callback) {
+    return app.websocketKiwiMessage(this, msg, callback);
+}
 this.websocketIRCConnect = function (nick, host, port, ssl, callback) {
     return app.websocketIRCConnect(this, nick, host, port, ssl, callback);
 }