Opening the destination at the source's exact mode breaks when the
source lacks owner write (e.g. r-xr-xr-x): the create still works but
the overwrite path can't reopen such a destination for writing. Force
owner read+write while copying and let the trailing Chmod() put the
source mode back, which only ever adds owner bits so the group/other
bits stay as restrictive as the source throughout. Add a regression
test covering the restricted-mode and read-only-source cases.
Pull in gmock so the empty-delimiter Split assertions can keep using
EXPECT_THAT(..., ElementsAre(...)) and IsEmpty(). On failure the matcher
prints the actual vector contents, which EXPECT_TRUE(vempty.empty())
hides behind a bare 'not true'.
Switch the default Referrer-Policy from same-origin to no-referrer so the
webadmin URL (which can carry user/network names in the path) does not
leak to outbound clicks either.
Drop Pragma: no-cache; it is deprecated and modern intermediaries honor
Cache-Control. Simplify Cache-Control to a single no-store directive,
which on its own already prevents storing per RFC 9111; the previous
no-cache, must-revalidate, max-age=0 tail was HTTP/1.0-era padding.
StringTest.cpp does not include gmock, so EXPECT_THAT/ElementsAre/IsEmpty
do not compile and the unittest target fails on every CI configuration.
Use EXPECT_EQ against a VCString and EXPECT_TRUE(empty()) instead, which
keeps the test scope identical without dragging gmock into this file.
Close#2012.
Add X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff and
Referrer-Policy: same-origin to every response so webadmin and module
pages are framed/sniff-protected by default. Add no-store Cache-Control
and Pragma: no-cache on dynamic responses so shared workstations can't
replay authenticated pages from browser history. Skip the cache headers
for 304 and for static asset MIME types (image, font, text/css,
application/javascript) that the existing ETag/Last-Modified path on
PrintFile already handles.
Per review feedback: the emitter is a private WriteHardeningHeaders that
writes each line via the socket directly from PrintHeader, not a public
helper returning a temporary VCString. Callers can override a default
value with AddHeader, or suppress one outright with the new public
OmitHardeningHeader(name).
Tests: drive PrintHeader on a CHTTPSock subclass that captures Write()
calls, then assert with gmock matchers (Contains(StartsWith(...))).
GCC parses "AA\xffA" greedily as \xffA (next character is a hex digit),
which is out of range for char and breaks the Linux CI build. Split the
literal into "AA\xff" "A" so the escape resolves before the next string,
yielding the intended four bytes (A, A, 0xff, A).
Depending on timing between client and server, the initial JOIN can come in either order - in one case forwarding directly from client, in another joining the channels after client disconnected.
ZNC remembers that it should join these channels, and will join them after registration. But if client automatically joins some channels, we don't want it to be added to send queue before parts of registration itself (CAP, AUTHENTICATE), because server will just disconnect with "Registration timeout". After registration is complete, using /join still joins the channel immediately.
Only limiting this to joins, because server may request some input from user to finish registration, and joins are the ones which are prone to be sent automatically by client to cause issues.
Fix#1949
This is a way for admins to mitigate some issues caused by caps if such issues ever arise.
E.g. add this to global level in znc.conf:
DisableClientCap = sasl
DisableServerCap = chghost
DisableServerCap = message-tags
Then these caps will be NAKed to client / not requested from server.
Note that this mechanism doesn't fully prevent a cap from being activated, e.g. one could use *send_raw module to request it from server even when disabled.
Skip failing tests on cygwin: we'll just have to mark the unix socket feature as "experimental", but shouldn't block merging it due to cygwin being weird
Alexey Sokolov