From 5073176e74f6295307850bdcf36f7fa4f2dfe658 Mon Sep 17 00:00:00 2001
From: Holden Rohrer
Date: Fri, 24 Jan 2020 12:28:09 -0500
Subject: fixed vulnerability in sched This vulnerability permitted external users to overwrite the alert for long periods of time
---
 tools/schedule.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/schedule.js b/tools/schedule.js
index 526ebe4..80a6bc3 100644
--- a/tools/schedule.js
+++ b/tools/schedule.js
@@ -33,9 +33,9 @@ exports.Queue = function(delayms, maxExport, call){
 let prio = job.prio;
 if (!jobs[prio]){
 jobs[prio] = [];
- prios.splice(0, Math.abs(bs(prios, prio, (el, ne) => el-ne)), prio); // prios is meant to be sorted least to most, and each job layer is too (by "maximum number of rounds").
+ prios.splice(Math.abs(bs(prios, prio, (el, ne) => el-ne)), 0, prio); // prios is meant to be sorted least to most, and each job layer is too (by "maximum number of rounds").
 }
- jobs[prio].splice(0, Math.abs(bs(jobs[prio], job, (el, ne) => el.maxr() - ne.maxr())), job);
+ jobs[prio].splice(Math.abs(bs(jobs[prio], job, (el, ne) => el.maxr() - ne.maxr())), 0, job);
 // These were sorted like this so that getNumOrAll could use [0] or [.length-1] or .pop instead of having to re-sort lists repetitively.
 this.size += job.data.length;
 if (open) this.dequeue();
-- cgit
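Review bot: Both corrected `splice` calls use `Math.abs(bs(...))` as the insertion index, which is only right if `bs` reports a miss as the plain negated insertion point. `bs` is defined outside this hunk; if it follows the common binary-search convention of returning `-(insertionPoint) - 1` on a miss, `Math.abs` lands one slot too far whenever the new entry belongs before an existing one, and `prios` / `jobs[prio]` stop being sorted, which the comment in this hunk says `getNumOrAll` relies on when it reads `[0]`, `[.length-1]` or `.pop`. Because the commit message links the earlier queue bug to outside users keeping the alert overwritten, I would decode the result explicitly, e.g. `const at = bs(prios, prio, (el, ne) => el-ne); prios.splice(at < 0 ? ~at : at, 0, prio);` and likewise for `jobs[prio]`, and add a regression test that enqueues jobs in descending and mixed priority order and asserts the stored order. The enclosing function starts and ends outside the hunk.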