-
Richard Braakman authored
The server was reusing the client's message when broadcasting userinfo updates. This would allow a malicious client to insert arbitrary fields into a message that the other clients would trust as coming from the server. For example, adding "disconnect" or renaming other authors. This commit fixes it by having the server construct a new message with known fields before broadcasting.
e4841212