Useful for Web APIs and all other kinds of things.
API changes:
- Added public CHTTPSock::GetURI() method
- Added public CModule::ValidateWebRequestCSRFCheck() method
- Made CWebSock::GetCSRFCheck() method public so it can be accessed
from CModule
- Added public CWebSock::ValidateCSRFCheck() method
Other changes:
- Added a Sample Web API module (modules/samplewebapi.cpp) and a
simple web form with no CSRF check.
Implements feature request #1180.
If OpenSSL 1.1 is configured in such a way that features deprecated in 0.9.8 are not built, then compile errors would result here.
I also noticed a potential memory leak where pRSA was not always freed before early return from this function - fixed by using C++11 unique_ptr.
Allows hooking into query buffer playback before and after all the
lines of the query buffer are replayed. The EModRet return value
has no effect at the moment, but may be used in the future to e.g.
prevent playback. The Chan version of these signals use EModRet to
skip emitting the status message, but not the whole playback.
A few different implementations of computing the current time were
spread out through the code base, most of them using gettimeofday().
This centralizes the logic in CUtil::GetTime() for easier maintenance,
and also allows all call sites to get the benefit of the clock_gettime()
code path on systems that support it.
The gettimeofday function returns 0 for success, not for failure. As a
result of the inverted logic we were losing millisecond precision when
parsing incoming messages on non-HAVE_CLOCK_GETTIME systems (macOS).
We preserve the time of the original message by making a copy of it,
and just changing the nick, which we then pass on to the CMessage
overload of PutClient, which converts the timestamp into a @time tag.
Use an updated list of Default Ciphers, pulled from the same Mozilla recommendations.
This was pulled by me on June 3, 2016, thought we should update the cipherlist since it's been 5 months since it was last updated.
Added the following two network-specific configuration options that can
be changed via controlpanel or webadmin:
* TrustAllCerts: Will trust ALL certificates when enabled, effectively
disabling TLS certificate validation.
Default value: false
* TrustPKI: Whether or not to trust PKI-valid certificates. Setting this
to false will make znc trust only trusted certificates added by the
user.
Default value: true
With default values, behavior is exactly the same as before.
This is based on the work of Roelf Wichertjes. See YourBNC/znc@5c747598.
See znc/znc#866.
Alexey Sokolov