From 88a13d7604ba13e611fd82582007405ca3cfe9a8 Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Thu, 29 Mar 2012 22:20:29 +0700 Subject: [PATCH 01/11] Fix XHTML in webadmin pages. Thanks to Zetas for reporting it. --- modules/data/webadmin/tmpl/add_edit_network.tmpl | 2 +- modules/data/webadmin/tmpl/add_edit_user.tmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/data/webadmin/tmpl/add_edit_network.tmpl b/modules/data/webadmin/tmpl/add_edit_network.tmpl index 782ab298..0ed7a8ed 100644 --- a/modules/data/webadmin/tmpl/add_edit_network.tmpl +++ b/modules/data/webadmin/tmpl/add_edit_network.tmpl @@ -117,7 +117,7 @@ BufferCount Options -   <- Add a channel (opens in same page)   + <- Add a channel (opens in same page) diff --git a/modules/data/webadmin/tmpl/add_edit_user.tmpl b/modules/data/webadmin/tmpl/add_edit_user.tmpl index 115f9f82..33322555 100644 --- a/modules/data/webadmin/tmpl/add_edit_user.tmpl +++ b/modules/data/webadmin/tmpl/add_edit_user.tmpl @@ -117,7 +117,7 @@ Name -   <- Add a network (opens in same page)   + <- Add a network (opens in same page) From 95053f4db48d881f8eefd2558d90b2851bfc2e89 Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Thu, 29 Mar 2012 23:28:25 +0700 Subject: [PATCH 02/11] Increase the version number to 0.207 --- configure.ac | 2 +- include/znc/main.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index f49ad863..c5fb0140 100644 --- a/configure.ac +++ b/configure.ac @@ -7,7 +7,7 @@ AC_DEFUN([AC_PROG_CC], [m4_errprint(__file__:__line__[: Something is trying to u dnl Needed for AC_PATH_PROGS_FEATURE_CHECK which was added in 2.62 AC_PREREQ([2.62]) dnl Keep the version number in sync with main.h! -AC_INIT([znc], [0.205]) +AC_INIT([znc], [0.207]) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([src/znc.cpp]) AC_LANG([C++]) diff --git a/include/znc/main.h b/include/znc/main.h index 3ac92305..b80b6034 100644 --- a/include/znc/main.h +++ b/include/znc/main.h @@ -13,7 +13,7 @@ // The following defines are for #if comparison (preprocessor only likes ints) #define VERSION_MAJOR 0 -#define VERSION_MINOR 205 +#define VERSION_MINOR 207 // This one is for display purpose #define VERSION (VERSION_MAJOR + VERSION_MINOR / 1000.0) From d5b84f50db49a572ed9e3ca15a472922c7d70930 Mon Sep 17 00:00:00 2001 From: Uli Schlachter Date: Fri, 30 Mar 2012 23:13:03 +0200 Subject: [PATCH 03/11] Fix an dangerous substr() call A malicious IRCd could send a WHO reply for a nick which consisted completely out of prefix characters (thus an empty nick). In this case std::string::find_first_of() would return std::string::npos. This argument would make std::string::substr() throw an exception and kill the process. Signed-off-by: Uli Schlachter --- src/IRCSock.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/IRCSock.cpp b/src/IRCSock.cpp index 7d6b2f41..e5f988e9 100644 --- a/src/IRCSock.cpp +++ b/src/IRCSock.cpp @@ -330,10 +330,14 @@ void CIRCSock::ReadLine(const CString& sData) { // The client doesn't support multi-prefix so we need to remove // the other prefixes. - CString sNewLine = sServer + " 352 " + sLine.Token(2) + " " + \ - sLine.Token(3) + " " + sIdent + " " + sHost + " " + \ - sLine.Token(6) + " " + sNick[0] + \ - sNick.substr(sNick.find_first_not_of(GetPerms())) + " " + \ + CString sNewNick = sNick; + size_t pos = sNick.find_first_not_of(GetPerms()); + if (pos >= 2 && pos != CString::npos) { + sNewNick = sNick[0] + sNick.substr(pos); + } + CString sNewLine = sServer + " 352 " + sLine.Token(2) + " " + + sLine.Token(3) + " " + sIdent + " " + sHost + " " + + sLine.Token(6) + " " + sNewNick + " " + sLine.Token(8, true); m_pNetwork->PutUser(sNewLine, pClient); } From ed5610f3635c6f44b5e6d6af86e37e72c2b0a84f Mon Sep 17 00:00:00 2001 From: Uli Schlachter Date: Fri, 30 Mar 2012 23:15:57 +0200 Subject: [PATCH 04/11] imapauth: Follow RFC more closely The IMAP RFC allows the server to announce its capabilities before replying to the LOGIN command. imapauth would misinterpret that as a failed login. The fix is to only handle lines which contain the tag ("AUTH") used for the login command. Thanks to rlpowell for reporting that imapauth doesn't work against imap.google.com and for testing the fix. Signed-off-by: Uli Schlachter --- modules/imapauth.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/imapauth.cpp b/modules/imapauth.cpp index a17e85fd..944e505a 100644 --- a/modules/imapauth.cpp +++ b/modules/imapauth.cpp @@ -134,7 +134,7 @@ void CIMAPSock::ReadLine(const CString& sLine) { } Write("AUTH LOGIN " + sUsername + " " + m_spAuth->GetPassword() + "\r\n"); - } else { + } else if (sLine.Left(5) == "AUTH ") { CUser* pUser = CZNC::Get().FindUser(m_spAuth->GetUsername()); if (pUser && sLine.Equals("AUTH OK", false, 7)) { From c252a239d7504d7170803ee0d3d1c06057d2c8e2 Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Sat, 31 Mar 2012 06:22:25 +0700 Subject: [PATCH 05/11] Fix HTML style. Thanks to Jens-Andre Koch for suggestion. --- modules/data/certauth/tmpl/index.tmpl | 2 +- modules/data/lastseen/tmpl/lastseen_WebadminUser.tmpl | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/modules/data/certauth/tmpl/index.tmpl b/modules/data/certauth/tmpl/index.tmpl index 6ff06a14..e9169a1d 100644 --- a/modules/data/certauth/tmpl/index.tmpl +++ b/modules/data/certauth/tmpl/index.tmpl @@ -25,7 +25,7 @@ - + diff --git a/modules/data/lastseen/tmpl/lastseen_WebadminUser.tmpl b/modules/data/lastseen/tmpl/lastseen_WebadminUser.tmpl index 266254b8..e8617543 100644 --- a/modules/data/lastseen/tmpl/lastseen_WebadminUser.tmpl +++ b/modules/data/lastseen/tmpl/lastseen_WebadminUser.tmpl @@ -1,9 +1,8 @@
-
Last login time:
-
+ +
-
From 28f6809af8cdc4a53ce9b492277030cbfcda450e Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Sat, 31 Mar 2012 06:48:24 +0700 Subject: [PATCH 06/11] Webadmin: edit listen ports --- include/znc/znc.h | 4 +- modules/data/webadmin/tmpl/settings.tmpl | 79 ++++++++++----- modules/webadmin.cpp | 122 +++++++++++++++++++++++ webskins/_default_/pub/_default_.css | 8 +- webskins/ice/pub/ice.css | 2 +- 5 files changed, 183 insertions(+), 32 deletions(-) diff --git a/include/znc/znc.h b/include/znc/znc.h index b663fc3f..43087c68 100644 --- a/include/znc/znc.h +++ b/include/znc/znc.h @@ -143,6 +143,8 @@ public: // Listener yummy CListener* FindListener(u_short uPort, const CString& BindHost, EAddrType eAddr); bool AddListener(CListener*); + bool AddListener(unsigned int uPort, const CString& sBindHost, bool bSSL, + EAddrType eAddr, CListener::EAcceptType eAccept, CString& sError); bool DelListener(CListener*); // Message of the Day @@ -178,8 +180,6 @@ private: CString MakeConfigHeader(); bool AddListener(const CString& sLine, CString& sError); bool AddListener(CConfig* pConfig, CString& sError); - bool AddListener(unsigned int uPort, const CString& sBindHost, bool bSSL, - EAddrType eAddr, CListener::EAcceptType eAccept, CString& sError); protected: time_t m_TimeStarted; diff --git a/modules/data/webadmin/tmpl/settings.tmpl b/modules/data/webadmin/tmpl/settings.tmpl index 1d12f9a2..027b8f31 100644 --- a/modules/data/webadmin/tmpl/settings.tmpl +++ b/modules/data/webadmin/tmpl/settings.tmpl @@ -10,35 +10,60 @@
-
Key
- - - - - - - - - - - - - - - - - - - - - - - - -
PortBindHostSSLIPv4IPv6IRCWeb
YesNoYesNoYesNoYesNoYesNo
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
PortBindHostSSLIPv4IPv6IRCWeb +
checked="checked"/>
checked="checked"/>
checked="checked"/>
checked="checked"/>
checked="checked"/>
 + + + + + + + + + + +
+ -
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp index ab7e2959..099b4d0d 100644 --- a/modules/webadmin.cpp +++ b/modules/webadmin.cpp @@ -513,6 +513,20 @@ public: return TrafficPage(WebSock, Tmpl); } else if (sPageName == "index") { return true; + } else if (sPageName == "add_listener") { + // Admin Check + if (!spSession->IsAdmin()) { + return false; + } + + return AddListener(WebSock, Tmpl); + } else if (sPageName == "del_listener") { + // Admin Check + if (!spSession->IsAdmin()) { + return false; + } + + return DelListener(WebSock, Tmpl); } return false; @@ -1233,7 +1247,110 @@ public: return true; } + bool AddListener(CWebSock& WebSock, CTemplate& Tmpl) { + unsigned int uPort = WebSock.GetParam("port").ToUInt(); + CString sHost = WebSock.GetParam("host"); + if (sHost == "*") sHost = ""; + bool bSSL = WebSock.GetParam("ssl").ToBool(); + bool bIPv4 = WebSock.GetParam("ipv4").ToBool(); + bool bIPv6 = WebSock.GetParam("ipv6").ToBool(); + bool bIRC = WebSock.GetParam("irc").ToBool(); + bool bWeb = WebSock.GetParam("web").ToBool(); + + EAddrType eAddr = ADDR_ALL; + if (bIPv4) { + if (bIPv6) { + eAddr = ADDR_ALL; + } else { + eAddr = ADDR_IPV4ONLY; + } + } else { + if (bIPv6) { + eAddr = ADDR_IPV6ONLY; + } else { + WebSock.GetSession()->AddError("Choose either IPv4 or IPv6 or both."); + return SettingsPage(WebSock, Tmpl); + } + } + + CListener::EAcceptType eAccept; + if (bIRC) { + if (bWeb) { + eAccept = CListener::ACCEPT_ALL; + } else { + eAccept = CListener::ACCEPT_IRC; + } + } else { + if (bWeb) { + eAccept = CListener::ACCEPT_HTTP; + } else { + WebSock.GetSession()->AddError("Choose either IRC or Web or both."); + return SettingsPage(WebSock, Tmpl); + } + } + + CString sMessage; + if (CZNC::Get().AddListener(uPort, sHost, bSSL, eAddr, eAccept, sMessage)) { + if (!sMessage.empty()) { + WebSock.GetSession()->AddSuccess(sMessage); + } + if (!CZNC::Get().WriteConfig()) { + WebSock.GetSession()->AddError("Port changed, but config was not written"); + } + } else { + WebSock.GetSession()->AddError(sMessage); + } + + return SettingsPage(WebSock, Tmpl); + } + + bool DelListener(CWebSock& WebSock, CTemplate& Tmpl) { + map m = WebSock.GetParams(); + DEBUG("zzz"); + for (map::iterator i = m.begin(); i != m.end(); ++i) { + DEBUG("xxxxxxxxxxxxxxxxxxx[" << i->first << "]"); + for (VCString::iterator it = i->second.begin(); it != i->second.end(); ++it) { + DEBUG("yyyyyyyy[" << *it << "]"); + } + } + unsigned int uPort = WebSock.GetParam("port").ToUInt(); + CString sHost = WebSock.GetParam("host"); + bool bIPv4 = WebSock.GetParam("ipv4").ToBool(); + bool bIPv6 = WebSock.GetParam("ipv6").ToBool(); + + DEBUG("Port [" << WebSock.GetParam("port") << "]"); + + EAddrType eAddr = ADDR_ALL; + if (bIPv4) { + if (bIPv6) { + eAddr = ADDR_ALL; + } else { + eAddr = ADDR_IPV4ONLY; + } + } else { + if (bIPv6) { + eAddr = ADDR_IPV6ONLY; + } else { + WebSock.GetSession()->AddError("Invalid request."); + return SettingsPage(WebSock, Tmpl); + } + } + + CListener* pListener = CZNC::Get().FindListener(uPort, sHost, eAddr); + if (pListener) { + CZNC::Get().DelListener(pListener); + if (!CZNC::Get().WriteConfig()) { + WebSock.GetSession()->AddError("Port changed, but config was not written"); + } + } else { + WebSock.GetSession()->AddError("The specified listener was not found."); + } + + return SettingsPage(WebSock, Tmpl); + } + bool SettingsPage(CWebSock& WebSock, CTemplate& Tmpl) { + Tmpl.SetFile("settings.tmpl"); if (!WebSock.GetParam("submitted").ToUInt()) { CString sBindHosts, sMotd; Tmpl["Action"] = "settings"; @@ -1268,6 +1385,11 @@ public: l["IsWeb"] = CString(pListener->GetAcceptType() != CListener::ACCEPT_IRC); l["IsIRC"] = CString(pListener->GetAcceptType() != CListener::ACCEPT_HTTP); + // simple protection for user from shooting his own foot + // TODO check also for hosts/families + // such check is only here, user still can forge HTTP request to delete web port + l["SuggestDeletion"] = CString(pListener->GetPort() != WebSock.GetLocalPort()); + #ifdef HAVE_LIBSSL if (pListener->IsSSL()) { l["IsSSL"] = "true"; diff --git a/webskins/_default_/pub/_default_.css b/webskins/_default_/pub/_default_.css index 4d899a12..5ef898e8 100644 --- a/webskins/_default_/pub/_default_.css +++ b/webskins/_default_/pub/_default_.css @@ -247,14 +247,18 @@ input.third, textarea.third, width: 150px; } +input.number { + width: 40px; +} + table { border: 1px solid #ccc; border-spacing: 1px; } td, th { - padding: 5px 10px; - min-width: 50px; + padding: 5px 7px; + min-width: 35px; } thead td, th { diff --git a/webskins/ice/pub/ice.css b/webskins/ice/pub/ice.css index 29943090..b6747abb 100644 --- a/webskins/ice/pub/ice.css +++ b/webskins/ice/pub/ice.css @@ -92,7 +92,7 @@ table thead { thead td { font-size: 13px; border-bottom: 1px solid #000; - min-width: 50px; + min-width: 35px; } th { From b8822b8bfbfc765a54d35071767094c2e6409f9f Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Sun, 1 Apr 2012 11:52:31 +0700 Subject: [PATCH 07/11] webadmin: allow edit bindhost without global list. --- modules/data/webadmin/tmpl/add_edit_user.tmpl | 30 ++++++---- modules/webadmin.cpp | 60 ++++++++++--------- 2 files changed, 51 insertions(+), 39 deletions(-) diff --git a/modules/data/webadmin/tmpl/add_edit_user.tmpl b/modules/data/webadmin/tmpl/add_edit_user.tmpl index 33322555..6f364901 100644 --- a/modules/data/webadmin/tmpl/add_edit_user.tmpl +++ b/modules/data/webadmin/tmpl/add_edit_user.tmpl @@ -74,27 +74,33 @@
- +
BindHost:
- + + + + +
- -
DCCBindHost:
- + + + + +
- +
Quit Message:
diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp index 099b4d0d..ca71e081 100644 --- a/modules/webadmin.cpp +++ b/modules/webadmin.cpp @@ -967,41 +967,47 @@ public: // To change BindHosts be admin or don't have DenySetBindHost if (spSession->IsAdmin() || !spSession->GetUser()->DenySetBindHost()) { + Tmpl["BindHostEdit"] = "true"; const VCString& vsBindHosts = CZNC::Get().GetBindHosts(); - bool bFoundBindHost = false; - bool bFoundDCCBindHost = false; - for (unsigned int b = 0; b < vsBindHosts.size(); b++) { - const CString& sBindHost = vsBindHosts[b]; - CTemplate& l = Tmpl.AddRow("BindHostLoop"); - CTemplate& k = Tmpl.AddRow("DCCBindHostLoop"); + if (vsBindHosts.empty()) { + Tmpl["BindHost"] = pUser->GetBindHost(); + Tmpl["DCCBindHost"] = pUser->GetDCCBindHost(); + } else { + bool bFoundBindHost = false; + bool bFoundDCCBindHost = false; + for (unsigned int b = 0; b < vsBindHosts.size(); b++) { + const CString& sBindHost = vsBindHosts[b]; + CTemplate& l = Tmpl.AddRow("BindHostLoop"); + CTemplate& k = Tmpl.AddRow("DCCBindHostLoop"); - l["BindHost"] = sBindHost; - k["BindHost"] = sBindHost; + l["BindHost"] = sBindHost; + k["BindHost"] = sBindHost; - if (pUser && pUser->GetBindHost() == sBindHost) { + if (pUser && pUser->GetBindHost() == sBindHost) { + l["Checked"] = "true"; + bFoundBindHost = true; + } + + if (pUser && pUser->GetDCCBindHost() == sBindHost) { + k["Checked"] = "true"; + bFoundDCCBindHost = true; + } + } + + // If our current bindhost is not in the global list... + if (pUser && !bFoundBindHost && !pUser->GetBindHost().empty()) { + CTemplate& l = Tmpl.AddRow("BindHostLoop"); + + l["BindHost"] = pUser->GetBindHost(); l["Checked"] = "true"; - bFoundBindHost = true; } + if (pUser && !bFoundDCCBindHost && !pUser->GetDCCBindHost().empty()) { + CTemplate& l = Tmpl.AddRow("DCCBindHostLoop"); - if (pUser && pUser->GetDCCBindHost() == sBindHost) { - k["Checked"] = "true"; - bFoundDCCBindHost = true; + l["BindHost"] = pUser->GetDCCBindHost(); + l["Checked"] = "true"; } } - - // If our current bindhost is not in the global list... - if (pUser && !bFoundBindHost && !pUser->GetBindHost().empty()) { - CTemplate& l = Tmpl.AddRow("BindHostLoop"); - - l["BindHost"] = pUser->GetBindHost(); - l["Checked"] = "true"; - } - if (pUser && !bFoundDCCBindHost && !pUser->GetDCCBindHost().empty()) { - CTemplate& l = Tmpl.AddRow("DCCBindHostLoop"); - - l["BindHost"] = pUser->GetDCCBindHost(); - l["Checked"] = "true"; - } } vector vDirs; From 1a8455b2b95e9d0829d0fa0f47a0f8d53b35134d Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Sun, 1 Apr 2012 12:15:33 +0700 Subject: [PATCH 08/11] Ups, commited debug stuff accidentally... --- modules/webadmin.cpp | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp index ca71e081..d320704b 100644 --- a/modules/webadmin.cpp +++ b/modules/webadmin.cpp @@ -1311,21 +1311,11 @@ public: } bool DelListener(CWebSock& WebSock, CTemplate& Tmpl) { - map m = WebSock.GetParams(); - DEBUG("zzz"); - for (map::iterator i = m.begin(); i != m.end(); ++i) { - DEBUG("xxxxxxxxxxxxxxxxxxx[" << i->first << "]"); - for (VCString::iterator it = i->second.begin(); it != i->second.end(); ++it) { - DEBUG("yyyyyyyy[" << *it << "]"); - } - } unsigned int uPort = WebSock.GetParam("port").ToUInt(); CString sHost = WebSock.GetParam("host"); bool bIPv4 = WebSock.GetParam("ipv4").ToBool(); bool bIPv6 = WebSock.GetParam("ipv6").ToBool(); - DEBUG("Port [" << WebSock.GetParam("port") << "]"); - EAddrType eAddr = ADDR_ALL; if (bIPv4) { if (bIPv6) { From ce6a9ce327cf91db6f94e47ec88655f45b393d0b Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Sun, 1 Apr 2012 12:39:14 +0700 Subject: [PATCH 09/11] Move floodprotection js out of .tmpl --- modules/data/webadmin/files/webadmin.js | 13 +++++++++++++ modules/data/webadmin/tmpl/add_edit_network.tmpl | 15 +-------------- 2 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 modules/data/webadmin/files/webadmin.js diff --git a/modules/data/webadmin/files/webadmin.js b/modules/data/webadmin/files/webadmin.js new file mode 100644 index 00000000..4658620a --- /dev/null +++ b/modules/data/webadmin/files/webadmin.js @@ -0,0 +1,13 @@ +function floodprotection_change() { + var protection = document.getElementById('floodprotection_checkbox'); + var rate = document.getElementById('floodrate'); + var burst = document.getElementById('floodburst'); + if (protection.checked) { + rate.removeAttribute('disabled'); + burst.removeAttribute('disabled'); + } else { + rate.disabled = 'disabled'; + burst.disabled = 'disabled'; + } +} + diff --git a/modules/data/webadmin/tmpl/add_edit_network.tmpl b/modules/data/webadmin/tmpl/add_edit_network.tmpl index 0ed7a8ed..a7b1edd5 100644 --- a/modules/data/webadmin/tmpl/add_edit_network.tmpl +++ b/modules/data/webadmin/tmpl/add_edit_network.tmpl @@ -1,3 +1,4 @@ + @@ -58,20 +59,6 @@
One server per line, host [[+]port] [password]
-
Flood protection:
From 6876961b791fd00e70958a10af4a4528550c259f Mon Sep 17 00:00:00 2001 From: Alexey Sokolov Date: Sun, 8 Apr 2012 00:24:26 +0700 Subject: [PATCH 10/11] Fix crash in webadmin when adding a new user. My recent patch, which added ability to put arbitrary bindhost when global list is missing, broke it... Thanks to Jord for reporting it. --- modules/webadmin.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/webadmin.cpp b/modules/webadmin.cpp index d320704b..b1b42d14 100644 --- a/modules/webadmin.cpp +++ b/modules/webadmin.cpp @@ -970,8 +970,10 @@ public: Tmpl["BindHostEdit"] = "true"; const VCString& vsBindHosts = CZNC::Get().GetBindHosts(); if (vsBindHosts.empty()) { - Tmpl["BindHost"] = pUser->GetBindHost(); - Tmpl["DCCBindHost"] = pUser->GetDCCBindHost(); + if (pUser) { + Tmpl["BindHost"] = pUser->GetBindHost(); + Tmpl["DCCBindHost"] = pUser->GetDCCBindHost(); + } } else { bool bFoundBindHost = false; bool bFoundDCCBindHost = false; From 9b6ea8251c5c6da99b44b32f87c3cfe14de3ae26 Mon Sep 17 00:00:00 2001 From: Uli Schlachter Date: Mon, 9 Apr 2012 21:42:04 +0200 Subject: [PATCH 11/11] WebModules: Fix a NULL pointer dereference Commit b1593238d5443bcd4f1b93 started using the module pointer before the NULL check. This caused crashes whenever someone (even without a login!) accessed a web page on znc for a module which didn't exist. Thanks to J0rd4n` for reporting this to us. Signed-off-by: Uli Schlachter --- src/WebModules.cpp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/WebModules.cpp b/src/WebModules.cpp index 6092078c..de602c47 100644 --- a/src/WebModules.cpp +++ b/src/WebModules.cpp @@ -686,12 +686,13 @@ CWebSock::EPageReqResult CWebSock::OnPageRequestInternal(const CString& sURI, CS break; } + if (!pModule) + return PAGE_NOTFOUND; + m_Template["ModPath"] = pModule->GetWebPath(); m_Template["ModFilesPath"] = pModule->GetWebFilesPath(); - if (!pModule) { - return PAGE_NOTFOUND; - } else if (pModule->WebRequiresLogin() && !ForceLogin()) { + if (pModule->WebRequiresLogin() && !ForceLogin()) { return PAGE_PRINT; } else if (pModule->WebRequiresAdmin() && !GetSession()->IsAdmin()) { PrintErrorPage(403, "Forbidden", "You need to be an admin to access this module");