auth modules = imapauth and saslauth
Some code in CWebAdminSock::OnLogin() is skipped if a module handles auth
and thus m_pUser stays NULL. Most checks for admin rights only check for
m_pUser being NULL and thus any user WHO ALREADY HAS A VALID LOGIN can edit
other users if they know their user name.
(=Change the password of an admin and log in using this info)
One of the major excpeptions are the templates which use m_bAdmin instead of
m_pUser for checking the privieleges, thus users still see the normal pages
and this bug stayed unnoticed for a while.
This patch now moves the code that sets m_pUser to some code which is executed
in both cases, when an auth module is in effect and when one isn't.
(Well, technically this isn't a move, but code duplication, but executing this
twice won't hurt and one of the follow-up patches cleans this up.)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1113 726aef4b-f618-498e-8847-2d620e286838
In r1058 the behaviour of CUser::Clone() was changed. It now also handles the
channel settings. This change breaks webadmin, because it doesn't properly
set up the channels it feeds to CUser::Clone()
This commit 'fixes' this by adding an extra parameter to CUser::Clone() which
makes it revert to the old behaviour. Webadmin uses this parameter.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1074 726aef4b-f618-498e-8847-2d620e286838
Those function were not modified. Only change is the name.
Those *Dir() functions really made no sense in CUtils when there is FileUtils
stuff. They really fit much better into here. I'll bet they'll make new friends
fast. I mean, why shouldn't they?
Uhm... sorry ;)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1044 726aef4b-f618-498e-8847-2d620e286838
This removes some commented out functions and it also
removes CFir::Exists() since CFile::IsDir() does exactly
the same job (and it uses fewer syscalls for that).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1042 726aef4b-f618-498e-8847-2d620e286838
This was generated via the following command:
cat <file> | \
tr "\n" "€"| \
sed -r 's/€[\t ]*\{€/ {€/g; s/\( */(/g; s/ *\)/)/g' | \
tr "€" "\n"
Thanks to SilverLeo for producing this mess :P
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1029 726aef4b-f618-498e-8847-2d620e286838
Turns out that .depend's mtime changes when you modify files in there
and since every .cpp file depended on .depend, make regenerated everything.
Not good.
Fix this by inlining the mkdir for .depend.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1027 726aef4b-f618-498e-8847-2d620e286838
The shell module uses the current nick for that user as the ident for queries
from *shell. This makes no sense I once managed to get an empty ident, which
confused irssi badly.
Since there is no good reason to use this as ident, just use some
static string as ident instead.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1021 726aef4b-f618-498e-8847-2d620e286838
Modperl was broken for quite some time and no one noticed...
The modperlFLAGS include the path to some static lib which will be linked in.
For this to work, we need to already have used one of its symbols.
Now, if the linker first sees this DynaLoader.a and then our object file,
there are no references to any symbol from it yet and thus he drops it.
The fix is easy: The modperlFLAGS need to be after modperl.cpp on the
command line.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@970 726aef4b-f618-498e-8847-2d620e286838
Since adding and editing users is handled pretty much the same way in webadmin,
you could change your user name when you sent a POST requests with some
arbitrary user field:
echo "user=newuser&submitted=1" | \
lynx -post_data -auth=user:pass http://localhost:55455/edituser
This was spotted by SilverLeo who seems to spend quite some time trying to make
ZNC break, which is a good thing. Thanks!
Oh and btw, the last commit (delete the pid file) is from SilverLeo.
I forgot to mention him in the commit msg. Sorry.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@949 726aef4b-f618-498e-8847-2d620e286838
This was just recently introduced in rev 935 "Display user's vhost if it's
not in the global vhost list".
Thanks to icu and Kuja for reporting.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@937 726aef4b-f618-498e-8847-2d620e286838
We are back to the behaviour of some old version of the Makefile
If you want to compile ZNC only once, just use make.
If you want the Makefile do to dependency tracking and that fancy stuff,
run make depend which creates the .depend and modules/.depend dirs.
From then on some dependency files get written when you compile something.
(The way we did it before now was bad, because all the .cpp files depended on
the .depend dir which got its mtime updated regulary)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@922 726aef4b-f618-498e-8847-2d620e286838
This modules sets you away some time after the last client detaches and it sets
you back when you reattach.
You can include %s in your away reason which is replaced with the current
time when setting you away.
If you set an away reason yourself while you are attached, the module won't
change this reason.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@920 726aef4b-f618-498e-8847-2d620e286838
