From 3a909b1c8c0cd7198cbc6b13438b28a2c9b47e64 Mon Sep 17 00:00:00 2001 From: pk910 Date: Mon, 7 Nov 2011 08:03:02 +0100 Subject: [PATCH] don't allow non-god users seeing other users' myaccess list --- src/bot_NeonServ.c | 1 + src/cmd_neonserv_myaccess.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/src/bot_NeonServ.c b/src/bot_NeonServ.c index 5ef4c8b..4a5de69 100644 --- a/src/bot_NeonServ.c +++ b/src/bot_NeonServ.c @@ -91,6 +91,7 @@ static const struct default_language_entry msgtab[] = { {"NS_SUSPEND_RESTORED", "$b%s$b's access to $b%s$b has been restored." }, /* {ARGS: "TestUser", "#TestChan"} */ {"NS_DELME_KEY", "To really remove yourself, you must use 'deleteme %s'."}, /* {ARGS: "abc123"} */ {"NS_DELME_DONE", "Your $b%d$b access has been deleted from $b%s$b."}, /* {ARGS: 123, "#TestChan"} */ + {"NS_MYACCESS_SELF_ONLY", "You may only see the list of infolines for yourself (by using $bmyaccess$b with no arguments)."}, {"NS_MYACCESS_HEADER", "Showing all channel entries for account $b%s$b:"}, /* {ARGS: "TestAuth"} */ {"NS_MYACCESS_HEADER_MATCH", "Showing all channel entries for account $b%s$b matching %s:"}, /* {ARGS: "TestAuth", "#Test*"} */ {"NS_MYACCESS_HEADER_NAME", "Name"}, diff --git a/src/cmd_neonserv_myaccess.c b/src/cmd_neonserv_myaccess.c index 6480f7a..0ab6418 100644 --- a/src/cmd_neonserv_myaccess.c +++ b/src/cmd_neonserv_myaccess.c @@ -111,6 +111,10 @@ static USERAUTH_CALLBACK(neonserv_cmd_myaccess_nick_lookup) { static void neonserv_cmd_myaccess_async1(struct ClientSocket *client, struct ClientSocket *textclient, struct UserNode *user, struct ChanNode *chan, char *nick, char *auth, char *chanmatch) { //we've got a valid auth now... + if(stricmp(user->auth, auth) && !isGodMode(user)) { + reply(textclient, user, "NS_MYACCESS_SELF_ONLY"); + return; + } MYSQL_RES *res, *default_res; MYSQL_ROW user_row, chanuser_row, default_chan = NULL; char flagBuf[5]; -- 2.20.1