diff options
author | Holden Rohrer <hr@hrhr.dev> | 2020-01-24 12:28:09 -0500 |
---|---|---|
committer | Holden Rohrer <hr@hrhr.dev> | 2020-01-24 12:28:09 -0500 |
commit | 5073176e74f6295307850bdcf36f7fa4f2dfe658 (patch) | |
tree | f830692e438c6c05affee1eee42b61508101d144 | |
parent | 42ebf96d28314a5f24a6055859caebed8db06770 (diff) |
fixed vulnerability in sched
This vulnerability permitted external users to overwrite the alert for long periods of time
-rw-r--r-- | tools/schedule.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tools/schedule.js b/tools/schedule.js index 526ebe4..80a6bc3 100644 --- a/tools/schedule.js +++ b/tools/schedule.js @@ -33,9 +33,9 @@ exports.Queue = function(delayms, maxExport, call){ let prio = job.prio; if (!jobs[prio]){ jobs[prio] = []; - prios.splice(0, Math.abs(bs(prios, prio, (el, ne) => el-ne)), prio); // prios is meant to be sorted least to most, and each job layer is too (by "maximum number of rounds"). + prios.splice(Math.abs(bs(prios, prio, (el, ne) => el-ne)), 0, prio); // prios is meant to be sorted least to most, and each job layer is too (by "maximum number of rounds"). } - jobs[prio].splice(0, Math.abs(bs(jobs[prio], job, (el, ne) => el.maxr() - ne.maxr())), job); + jobs[prio].splice(Math.abs(bs(jobs[prio], job, (el, ne) => el.maxr() - ne.maxr())), 0, job); // These were sorted like this so that getNumOrAll could use [0] or [.length-1] or .pop instead of having to re-sort lists repetitively. this.size += job.data.length; if (open) this.dequeue(); |