[cvslog] (2006-10-01 00:49:10 UTC) Module eggdrop1.9: Change committed!

cvslog cvs at tsss.org
Sat Sep 30 18:49:10 CST 2006


CVSROOT    : /usr/local/cvsroot
Module     : eggdrop1.9
Commit time: 2006-10-01 00:49:10 UTC
Commited by: sven

Modified files:
     lib/eggdrop/users.c lib/eggdrop/users.h src/core_party.c

Log message:

Added sanity checks to usernames. All non-printable characters as well
as " *?" are rejected. The " " is necessary but "*" und "?" might be ok,
so this may change in the future.

---------------------- diff included ----------------------
Index: eggdrop1.9/lib/eggdrop/users.c
diff -u eggdrop1.9/lib/eggdrop/users.c:1.49 eggdrop1.9/lib/eggdrop/users.c:1.50
--- eggdrop1.9/lib/eggdrop/users.c:1.49	Thu Jan  5 21:59:30 2006
+++ eggdrop1.9/lib/eggdrop/users.c	Sat Sep 30 19:48:59 2006
@@ -18,7 +18,7 @@
  */
 
 #ifndef lint
-static const char rcsid[] = "$Id: users.c,v 1.49 2006-01-06 03:59:30 sven Exp $";
+static const char rcsid[] = "$Id: users.c,v 1.50 2006-10-01 00:48:59 sven Exp $";
 #endif
 
 #include <eggdrop/eggdrop.h>
@@ -43,6 +43,8 @@
 	flags_t mustnothave[2];
 } cmd_match_data_t;
 
+#define BAD_HANDLE_CHARS " *?"
+
 /* Keep track of the next available uid. Also keep track of when uid's wrap
  * around (probably won't happen), so that we know when we can trust g_uid. */
 static int g_uid = 1, uid_wraparound = 0;
@@ -245,13 +247,23 @@
 	return(uid);
 }
 
+const char *user_invalid_handle(const char *handle)
+{
+	if (user_lookup_by_handle(handle)) return _("Handle already exists!");
+	for (; *handle; ++handle) {
+		if (*handle < 32 || strchr(BAD_HANDLE_CHARS, *handle)) {
+			return _("Handle contains invalid characters!");
+		}
+	}
+	return NULL;
+}
+
 static user_t *real_user_new(const char *handle, int uid)
 {
 	user_t *u;
 
-	/* Make sure the handle is unique. */
-	u = user_lookup_by_handle(handle);
-	if (u) return(NULL);
+	/* Make sure the handle is valid. */
+	if (user_invalid_handle(handle)) return(NULL);
 
 	u = calloc(1, sizeof(*u));
 	u->handle = strdup(handle);
@@ -748,6 +760,7 @@
 {
 	partymember_t *p = NULL;
 
+	if (user_invalid_handle(newhandle)) return 1;
 	p = partymember_lookup_nick(u->handle);
 	hash_table_remove(handle_ht, u->handle, NULL);
 	free(u->handle);
Index: eggdrop1.9/lib/eggdrop/users.h
diff -u eggdrop1.9/lib/eggdrop/users.h:1.16 eggdrop1.9/lib/eggdrop/users.h:1.17
--- eggdrop1.9/lib/eggdrop/users.h:1.16	Tue Oct  5 21:35:15 2004
+++ eggdrop1.9/lib/eggdrop/users.h	Sat Sep 30 19:48:59 2006
@@ -16,7 +16,7 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  *
- * $Id: users.h,v 1.16 2004-10-06 02:35:15 stdarg Exp $
+ * $Id: users.h,v 1.17 2006-10-01 00:48:59 sven Exp $
  */
 
 #ifndef _EGG_USERS_H_
@@ -66,6 +66,7 @@
 
 int user_load(const char *fname);
 int user_save(const char *fname);
+const char *user_invalid_handle(const char *handle);
 user_t *user_new(const char *handle);
 int user_delete(user_t *u);
 user_t *user_lookup_by_handle(const char *handle);
Index: eggdrop1.9/src/core_party.c
diff -u eggdrop1.9/src/core_party.c:1.50 eggdrop1.9/src/core_party.c:1.51
--- eggdrop1.9/src/core_party.c:1.50	Mon Aug 21 20:41:28 2006
+++ eggdrop1.9/src/core_party.c	Sat Sep 30 19:48:59 2006
@@ -18,7 +18,7 @@
  */
 
 #ifndef lint
-static const char rcsid[] = "$Id: core_party.c,v 1.50 2006-08-22 01:41:28 sven Exp $";
+static const char rcsid[] = "$Id: core_party.c,v 1.51 2006-10-01 00:48:59 sven Exp $";
 #endif
 
 #include <eggdrop/eggdrop.h>
@@ -376,14 +376,17 @@
 
 static int party_plus_user(partymember_t *p, const char *nick, user_t *u, const char *cmd, const char *text)
 {
+	const char *error;
 	user_t *newuser;
 
 	if (!text || !*text) {
 		partymember_printf(p, _("Syntax: +user <handle>"));
 		return(0);
 	}
-	if (user_lookup_by_handle(text)) {
-		partymember_printf(p, _("User '%s' already exists!"));
+
+	error = user_invalid_handle(text);
+	if (error) {
+		partymember_printf(p, _("Error: %s"), error);
 		return(0);
 	}
 	newuser = user_new(text);
@@ -669,6 +672,7 @@
 /* Syntax: chhandle <old_handle> <new_handle> */
 static int party_chhandle(partymember_t *p, const char *nick, user_t *u, const char *cmd, const char *text)
 {
+	const char *error;
 	char *old = NULL, *newh = NULL;
 	user_t *dest;
 
@@ -688,8 +692,9 @@
 		return 0;
 	}
 
-	if (user_lookup_by_handle(newh)) {
-		partymember_printf(p, _("Error: User '%s' already exists."), newh);
+	error = user_invalid_handle(newh);
+	if (error) {
+		partymember_printf(p, _("Error: %s"), error);
 		free(old);
 		free(newh);
 		return 0;
----------------------- End of diff -----------------------



More information about the Changes mailing list