From 174c6c744c5eac385da213891a0bae7bb26032f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Astori?= <jeremie@astori.fr>
Date: Sat, 11 Aug 2018 18:06:23 -0400
Subject: [PATCH] Disallow URL override of network-related fields on the client
 when the network is locked

---
 client/js/socket-events/configuration.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/client/js/socket-events/configuration.js b/client/js/socket-events/configuration.js
index 3289dfeb..cf9041e1 100644
--- a/client/js/socket-events/configuration.js
+++ b/client/js/socket-events/configuration.js
@@ -176,6 +176,12 @@ function parseOverrideParams(params, data) {
 			continue;
 		}
 
+		// When the network is locked, URL overrides should not affect disabled fields
+		if (data.lockNetwork &&
+				["host", "port", "tls", "rejectUnauthorized"].includes(key)) {
+			continue;
+		}
+
 		if (key === "join") {
 			value = value.split(",").map((chan) => {
 				if (!chan.match(/^[#&!+]/)) {