Fix for CVE-2024-47779 / GHSA-3jm3-x98c-r34x

2024-10-15 12:37:21 +01:00 · 2024-10-15 12:37:21 +01:00 · bc0ae8de14
commit bc0ae8de14
parent b428b4aa9d
2 changed files with 33 additions and 18 deletions
--- a/src/vector/platform/WebPlatform.ts
+++ b/src/vector/platform/WebPlatform.ts
@ -14,6 +14,7 @@ import { Action } from "matrix-react-sdk/src/dispatcher/actions";
 import { CheckUpdatesPayload } from "matrix-react-sdk/src/dispatcher/payloads/CheckUpdatesPayload";
 import UAParser from "ua-parser-js";
 import { logger } from "matrix-js-sdk/src/logger";
+import { MatrixClientPeg } from "matrix-react-sdk/src/MatrixClientPeg";

 import VectorBasePlatform from "./VectorBasePlatform";
 import { parseQs } from "../url_utils";
@ -62,10 +63,12 @@ export default class WebPlatform extends VectorBasePlatform {
            if (event.data?.["type"] === "userinfo" && event.data?.["responseKey"]) {
                const userId = localStorage.getItem("mx_user_id");
                const deviceId = localStorage.getItem("mx_device_id");
+                const homeserver = MatrixClientPeg.get()?.getHomeserverUrl();
                event.source!.postMessage({
                    responseKey: event.data["responseKey"],
                    userId,
                    deviceId,
+                    homeserver,
                });
            }
        } catch (e) {