If cookies are not marked as secure, they can be sent
back by the client on unencrypted channels, disclosing
information. With this fix, clients are requested to
send cookies back on a secure channel in case HTTPS is
used.
Wenet.ru uses control characters in the nickserv request. It sends something
like "\x02/NickServ IDENTIFY \x1Fpassword\x1F\x02", so no wonder the
CString:find() was failing.
The following people agreed with the change, in alphabetical order:
(people who approved in several ways are listed only once)
By email:
- Adam (from Anope)
- Austin Morton
- Brian Campbell
- Christian Walde
- Daniel Holbert
- Daniel Wallace
- Falk Seidel
- Heiko Hund
- Ingmar Runge
- Jim Hull
- Kyle Fuller
- Lee Aylward
- Martin Martimeo
- Matt Harper
- Michael J Edgar
- Michael Ziegler
- Nick Bebout
- Paul Driver
- Perry Nguyen
- Philippe (cycomate)
- Reuben Morais
- Roland Hieber
- Sebastian Ramacher
- Stefan Rado
- Stéphan Kochen
- Thomas Ward
- Toon Schoenmakers
- Veit Wahlich
- Wulf C. Krueger
By IRC:
- CNU
- Jonas Gorski
- Joshua M. Clulow
- Prozac/SHiZNO
- SilverLeo
- Uli Schlachter
At https://github.com/znc/znc/issues/311 :
- Alexey Sokolov
- Elizabeth Myers
- flakes
- Jens-Andre Koch
- Jyzee
- KindOne/ineedalifetoday
- Lee Williams
- Mantas Mikulėnas
- md-5
- Reed Loden
At the last few pull requests' comments:
- Allan Odgaard
- Jacob Baines
- Lluís Batlle i Rossell
- ravomavain
- protomouse
The following commits' authors didn't respond:
Trivial changes:
- f70f1086fd
- 4ca8b50e45
The changes which are not presented in master anymore:
- 5512ed2ea0
- 960a4498f7
- 0f739de2c0
- 7f53cc810bFix#311Fix#218
This reverts commit db7c47f97d.
Too many joined channels at once started to cause disconnect because of
"Max SendQ Exceeded", which is not much better than previous Flood.
Now MaxJoins is 0 by default, which preserves the current behavior of
joining all channels at once. If someone experiences those disconnects
due to SendQ, they can tune MaxJoins.
Fix#329
Conflicts:
include/znc/User.h
modules/controlpanel.cpp
modules/webadmin.cpp
src/User.cpp
Modifications from /usr/share/aclocal/ version:
1. Don't use AC_LIB_RPATH
2. AC_SUBST([HAVE_ICONV])
So now charset module is buildable on openbsd with:
./configure CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib
Fix#255
This reverts commit fb62b5e7a6.
I need to test changes better...
To be proper user modules they need to store per-network state, just a
flag isn't enough.
That OS doesn't support AI_ADDRCONFIG, but in that case we
defined HAVE_PTHREAD, but didn't add needed params to compiler
Thanks to fred for shell access for tests
This reverts commit 11e5f7636d.
Having this in the raw buffer multiple times is obviously wrong, because you can
use /oper more than once and would get a new 381 numeric each time. So this
would need to use UpdateRawBuffer() instead of AddRawBuffer() (=replace old
entries with the same text).
However, this is still wrong. If you -o yourself, you no longer have oper
status. ZNC wouldn't notice this and still deliver the 381 numeric to new
clients.
Clients which use raw 381 to detect oper status will have to switch to user mode
+o.
Thanks to Han` for reporting this problem.
This modifies line 897 to have more verbosity on the output for a successful execution of the "Disconnect" command, which will allow for the output to say what network was force-disconnected on what user.
This is a repaired version of pull request #352 which I closed after a FTBFS which I did not realize.
Previously, "make clean" would happily delete swig's output files even though
configure did not find swig and thus these files could not be generated again.
This half-fixes issue 276. It would be great if the Makefiles never delete files
which are part of the tarball, but at least they now don't delete files which
cannot be regenerated.
Signed-off-by: Uli Schlachter <psychon@znc.in>
Previously, every line that was forwarded to the IRCd was printed twice in debug
mode. Once when it got added to the send queue and a second time when it was
actually sent. However, most of the time this queue is empty and thus the two
events happened at approximately the same time.
Thus, this patch now changes the debug output. Lines are only printed extra if
they really have to wait in the queue for a while before they can be sent out.
This has the positive effect of making the debug output more readable, because
it is shorter and less repetitive and it makes it more obvious when znc actively
throttles the traffic that is sent out.
Signed-off-by: Uli Schlachter <psychon@znc.in>
