From 95a0045a0db9a54f1d80173452a799e5c43e42ce Mon Sep 17 00:00:00 2001
From: Pavel Djundik <xPaw@users.noreply.github.com>
Date: Wed, 16 Jan 2019 10:52:09 +0200
Subject: [PATCH 1/2] Add an extra check for setting names

---
 src/server.js | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/server.js b/src/server.js
index e377f47b..df29503b 100644
--- a/src/server.js
+++ b/src/server.js
@@ -494,6 +494,10 @@ function initializeClient(socket, client, token, lastMessage) {
 				return;
 			}
 
+			if (typeof newSetting.name !== "string" || newSetting.name[0] === "_") {
+				return;
+			}
+
 			// Older user configs will not have the clientSettings property.
 			if (!client.config.hasOwnProperty("clientSettings")) {
 				client.config.clientSettings = {};

From e80b058550a8dd893226b02f26414b129514e790 Mon Sep 17 00:00:00 2001
From: Pavel Djundik <xPaw@users.noreply.github.com>
Date: Wed, 16 Jan 2019 10:59:52 +0200
Subject: [PATCH 2/2] Don't allow setting values to be objects

---
 src/server.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/server.js b/src/server.js
index df29503b..d05a0774 100644
--- a/src/server.js
+++ b/src/server.js
@@ -494,7 +494,7 @@ function initializeClient(socket, client, token, lastMessage) {
 				return;
 			}
 
-			if (typeof newSetting.name !== "string" || newSetting.name[0] === "_") {
+			if (typeof newSetting.value === "object" || typeof newSetting.name !== "string" || newSetting.name[0] === "_") {
 				return;
 			}