From 7ec2019a3b5fa7905b4ad99b23e29da61a426be7 Mon Sep 17 00:00:00 2001 From: tt2468 Date: Mon, 4 May 2020 17:36:11 -0700 Subject: [PATCH] Require target in `call()` method The `call` method used to allow both `to` and `sid` to be `None`, however without a target, it broadcasts to all connected clients, and can have very disastrous results in some cases. --- socketio/asyncio_server.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/socketio/asyncio_server.py b/socketio/asyncio_server.py index dcb4307..845f5b3 100644 --- a/socketio/asyncio_server.py +++ b/socketio/asyncio_server.py @@ -209,6 +209,8 @@ class AsyncServer(server.Server): Note 2: this method is a coroutine. """ + if to == None and sid == None: + raise TypeError('Missing `to` or `sid`.') if not self.async_handlers: raise RuntimeError( 'Cannot use call() when async_handlers is False.')