From 670cde78dab5cde61820e4d3aefbfacdca14f2b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Mon, 8 Feb 2021 18:36:41 -0500
Subject: [PATCH] feat: add invalid event name to error message
---
 public/language/en-GB/error.json | 1 +
 src/socket.io/index.js | 4 +++-
 test/socket.io.js | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/public/language/en-GB/error.json b/public/language/en-GB/error.json
index a2bd79d000..406c915513 100644
--- a/public/language/en-GB/error.json
+++ b/public/language/en-GB/error.json
@@ -25,6 +25,7 @@
 "invalid-username-or-password": "Please specify both a username and password",
 "invalid-search-term": "Invalid search term",
 "invalid-url": "Invalid URL",
+ "invalid-event": "Invalid event: %1",
 "local-login-disabled": "Local login system has been disabled for non-privileged accounts.",
 "csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again",
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 196ea2ad06..fc07f5f5c6 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -4,6 +4,7 @@ const os = require('os');
 const nconf = require('nconf');
 const winston = require('winston');
 const util = require('util');
+const validator = require('validator');
 const cookieParser = require('cookie-parser')(nconf.get('secret'));
 const db = require('../database');
@@ -125,7 +126,8 @@ async function onMessage(socket, payload) {
 if (process.env.NODE_ENV === 'development') {
 winston.warn(`[socket.io] Unrecognized message: ${eventName}`);
 }
- return callback({ message: '[[error:invalid-event]]' });
+ const escapedName = validator.escape(String(eventName));
+ return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
 }
 socket.previousEvents = socket.previousEvents || [];
diff --git a/test/socket.io.js b/test/socket.io.js
index 99258801dd..63829fc7eb 100644
--- a/test/socket.io.js
+++ b/test/socket.io.js
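Review bot: `validator.escape` on the new `escapedName` line only neutralises HTML metacharacters, yet the value is then placed inside a `[[key, arg]]` translation token, where `,`, `[[` and `]]` are structural. `eventName` comes from the client payload, so a name carrying those characters could split the argument list or close the token early, depending on how the translator parses its arguments (not visible in this hunk). Consider also running the value through the translator's own escaping, e.g. `translator.escape(validator.escape(String(eventName)))`, encoding `,` and `%`, and truncating the name to a bounded length before echoing it back; `translator` would need to be required in this file if it is not already. onMessage starts and ends outside the hunk.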
@@ -87,7 +87,7 @@ describe('socket.io', () => {
 it('should return error for unknown event', (done) => {
 io.emit('unknown.event', (err) => {
 assert(err);
- assert.equal(err.message, '[[error:invalid-event]]');
+ assert.equal(err.message, '[[error:invalid-event, unknown.event]]');
 done();
 });
 });
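Review bot: The updated assertion only covers a benign event name, so nothing in this test pins the escaping that the error path now relies on. Add a second case that emits a name containing markup and translator delimiters (a constructed sample such as `'<b>x</b>, [[y]]'`) and asserts the reply carries no raw markup, e.g. `assert(!err.message.includes('<'));`. The describe block continues outside the hunk.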