iarv/znc
1
0
Fork 0
mirror of https://github.com/znc/znc.git synced 2026-03-28 17:42:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed path constraints in get/send status commands

Browse Source 
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@731 726aef4b-f618-498e-8847-2d620e286838
This commit is contained in:
prozacx
2006-05-05 20:31:08 +00:00
parent 18f1274913
commit 69f65b2d60
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Client.cpp
View File

@@ -848,6 +848,11 @@ void CClient::UserCommand(const CString& sLine) {
return;
}
if ((!m_pUser->IsAdmin() && sFile.Left(1) == "~") || sFile.Left(1) == "/" || sFile.find("..") != CString::npos) {
PutStatus("Illegal path.");
return;
}
if (m_pUser) {
m_pUser->SendFile(sToNick, sFile);
}
@@ -859,7 +864,7 @@ void CClient::UserCommand(const CString& sLine) {
return;
}
if (sFile.find("..") != CString::npos) {
if ((!m_pUser->IsAdmin() && sFile.Left(1) == "~") || sFile.Left(1) == "/" || sFile.find("..") != CString::npos) {
PutStatus("Illegal path.");
return;
}