# arch-tag: automatic-ChangeLog--srvx@srvx.net--2004-srvx/srvx--devo--1.3
#
+2004-04-28 19:53:40 GMT Michael Poole <mdpoole@troilus.org> patch-51
+
+ Summary:
+ Sanity check user infolines
+ Revision:
+ srvx--devo--1.3--patch-51
+
+ * Disallow infolines longer than a configured maximum length (by
+ default, 400 characters).
+
+ * Disallow infolines that contain certain characters (currently
+ just ^A).
+
+ modified files:
+ ChangeLog languages/de/strings.db src/chanserv.c
+ srvx.conf.example
+
+
2004-04-12 03:25:03 GMT Michael Poole <mdpoole@troilus.org> patch-50
Summary:
"CSMSG_BAD_DIE_FORMAT" "Was genau soll $b%s$b sein ? Bitte benutze eine einzelne Zahl oder das 4d6+3 Format.";
"CSMSG_BAD_GIVEOPS" "GiveOps kann nicht niedriger sein als GiveVoice (%d).";
"CSMSG_BAD_GIVEVOICE" "GiveVoice kann nicht höher sein als GiveOps (%d).";
+"CSMSG_BAD_INFOLINE" "Du darfst das Zeichen \\%03o nicht in deiner Infozeile haben.";
"CSMSG_BAD_MAX_LENGTH" "$b%s$b ist keine gültige maximale Länge (Sie muss zwischen 20 und 450 Zeichen liegen).";
"CSMSG_BAD_NOTE_ACCESS" "$b%s$b ist kein gültiger Note Zugriffstyp.";
"CSMSG_BAD_NOTE_TYPE" "Note Typ $b%s$b existiert nicht.";
"CSMSG_ILLEGAL_CHANNEL" "$b%s$b ist ein illegaler Channel und kann daher nicht registriert werden.";
"CSMSG_INCORRECT_ACCESS" "%s hat Access Level $b%d$b, nicht %s.";
"CSMSG_INFOLINE_LIST" "Der Account $b%s$b hat in folgenden Channeln Access:";
+"CSMSG_INFOLINE_TOO_LONG" "Deine Infoline darf nicht mehr als %u Zeichen haben.";
"CSMSG_INVALID_ACCESS" "$b%s$b ist ein ungültiger Access Level.";
"CSMSG_INVALID_MODE_LOCK" "$b%s$b ist ein ungültiger Mode Lock.";
"CSMSG_INVALID_NUMERIC" "$b%d$b ist nicht gültig. Wähle:";
#define KEY_NETWORK_HELPER_EPITHET "network_helper_epithet"
#define KEY_SUPPORT_HELPER_EPITHET "support_helper_epithet"
#define KEY_NODELETE_LEVEL "nodelete_level"
+#define KEY_MAX_USERINFO_LENGTH "max_userinfo_length"
/* ChanServ database */
#define KEY_CHANNELS "channels"
{ "CSMSG_ALREADY_PRESENT", "%s is already in $b%s$b." },
{ "CSMSG_YOU_ALREADY_PRESENT", "You are already in $b%s$b." },
{ "CSMSG_LOW_CHANNEL_ACCESS", "You lack sufficient access in %s to use this command." },
+ { "CSMSG_INFOLINE_TOO_LONG", "Your infoline may not exceed %u characters." },
+ { "CSMSG_BAD_INFOLINE", "You may not use the character \\%03o in your infoline." },
{ "CSMSG_KICK_DONE", "Kicked $b%s$b from %s." },
{ "CSMSG_NO_BANS", "No channel bans found on $b%s$b." },
unsigned int max_owned;
unsigned int max_chan_users;
unsigned int max_chan_bans;
+ unsigned int max_userinfo_length;
struct string_list *set_shows;
struct string_list *eightball;
if(argc > 1)
{
+ size_t bp;
infoline = unsplit_string(argv + 1, argc - 1, NULL);
+ if(strlen(infoline) > chanserv_conf.max_userinfo_length)
+ {
+ reply("CSMSG_INFOLINE_TOO_LONG", chanserv_conf.max_userinfo_length);
+ return 0;
+ }
+ bp = strcspn(infoline, "\001");
+ if(infoline[bp])
+ {
+ reply("CSMSG_BAD_INFOLINE", infoline[bp]);
+ return 0;
+ }
if(uData->info)
free(uData->info);
if(infoline[0] == '*' && infoline[1] == 0)
chanserv_conf.max_chan_users = str ? atoi(str) : 512;
str = database_get_data(conf_node, KEY_MAX_CHAN_BANS, RECDB_QSTRING);
chanserv_conf.max_chan_bans = str ? atoi(str) : 512;
+ str = database_get_data(conf_node, KEY_MAX_USERINFO_LENGTH, RECDB_QSTRING);
+ chanserv_conf.max_userinfo_length = str ? atoi(str) : 400;
str = database_get_data(conf_node, KEY_NICK, RECDB_QSTRING);
if(chanserv && str)
NickChange(chanserv, str, 0);