From: pk910 Date: Mon, 7 Nov 2011 07:03:02 +0000 (+0100) Subject: don't allow non-god users seeing other users' myaccess list X-Git-Tag: v5.3~194 X-Git-Url: http://git.pk910.de/?p=NeonServV5.git;a=commitdiff_plain;h=3a909b1c8c0cd7198cbc6b13438b28a2c9b47e64 don't allow non-god users seeing other users' myaccess list --- diff --git a/src/bot_NeonServ.c b/src/bot_NeonServ.c index 5ef4c8b..4a5de69 100644 --- a/src/bot_NeonServ.c +++ b/src/bot_NeonServ.c @@ -91,6 +91,7 @@ static const struct default_language_entry msgtab[] = { {"NS_SUSPEND_RESTORED", "$b%s$b's access to $b%s$b has been restored." }, /* {ARGS: "TestUser", "#TestChan"} */ {"NS_DELME_KEY", "To really remove yourself, you must use 'deleteme %s'."}, /* {ARGS: "abc123"} */ {"NS_DELME_DONE", "Your $b%d$b access has been deleted from $b%s$b."}, /* {ARGS: 123, "#TestChan"} */ + {"NS_MYACCESS_SELF_ONLY", "You may only see the list of infolines for yourself (by using $bmyaccess$b with no arguments)."}, {"NS_MYACCESS_HEADER", "Showing all channel entries for account $b%s$b:"}, /* {ARGS: "TestAuth"} */ {"NS_MYACCESS_HEADER_MATCH", "Showing all channel entries for account $b%s$b matching %s:"}, /* {ARGS: "TestAuth", "#Test*"} */ {"NS_MYACCESS_HEADER_NAME", "Name"}, diff --git a/src/cmd_neonserv_myaccess.c b/src/cmd_neonserv_myaccess.c index 6480f7a..0ab6418 100644 --- a/src/cmd_neonserv_myaccess.c +++ b/src/cmd_neonserv_myaccess.c @@ -111,6 +111,10 @@ static USERAUTH_CALLBACK(neonserv_cmd_myaccess_nick_lookup) { static void neonserv_cmd_myaccess_async1(struct ClientSocket *client, struct ClientSocket *textclient, struct UserNode *user, struct ChanNode *chan, char *nick, char *auth, char *chanmatch) { //we've got a valid auth now... + if(stricmp(user->auth, auth) && !isGodMode(user)) { + reply(textclient, user, "NS_MYACCESS_SELF_ONLY"); + return; + } MYSQL_RES *res, *default_res; MYSQL_ROW user_row, chanuser_row, default_chan = NULL; char flagBuf[5];