We don't actually have a "modlist" template, so this code would cause a 404.
Going through the "find module with empty name" codepath here has the same
result, so this can be safely removed.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2239 726aef4b-f618-498e-8847-2d620e286838
One of my recent commits made webmods only find user modules instead of global
modules. This worked before because m_sForcedUser was an empty string which made
the code look for global modules. This commit adds an explicit check for global
modules which hopefully fixes all problems.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2238 726aef4b-f618-498e-8847-2d620e286838
This removes two unused methods (ResolveModule() and FillErrorPage()) and marks
some other methods const/static/protected.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2236 726aef4b-f618-498e-8847-2d620e286838
Using some module as another user didn't actually work. For user modules, the
following code stops you:
else if (!pModule->IsGlobal() && pModule->GetUser() != GetSession()->GetUser()) {
PrintErrorPage(403, "Forbidden", "You must login as " + pModule->GetUser()->GetUserName() + " in order to view this page");
For global modules this didn't work either. Once a "forced" user name was
specified, OnPageRequestInternal() stopped looking at global modules:
CModule* pModule = CZNC::Get().FindModule(m_sModName, m_sForceUser);
if (!pModule && m_sForceUser.empty()) {
[snip]
if (!pModule) {
return PAGE_NOTFOUND;
So, whatever m_sForceUser was supposed to do, it never did that.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2235 726aef4b-f618-498e-8847-2d620e286838
GetErrorPage() only generates the HTML for the error page while PrintErrorPage()
actually makes sure the error page is sent with the correct HTTP status code.
(We sent all error pages with status "200 OK"!)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2039 726aef4b-f618-498e-8847-2d620e286838
(but different ports), any web login session from ZNC #1 would overwrite the session from
ZNC #2. While doing this, also removed an unnecessary check in CHTTPSock::SendCookie and
CHTTPSock::GetRequestCookies (which doesn't transparently translate cookie names and has
never been used so far).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2030 726aef4b-f618-498e-8847-2d620e286838
Instead of having the template files and images in /usr/share/znc/www/<mod>/,
modules now get to use /usr/share/znc/<mod>/tmpl/ and files/ for this purpose.
This puts those directories for static data to good use again and might even fix
some bugs (after all, the code for that dir is older and more tested than the
new code for www/).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1997 726aef4b-f618-498e-8847-2d620e286838
It's only used in WebModules.cpp and in contrast to the other #defines from
main.h, this one is not set in configure by default.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1996 726aef4b-f618-498e-8847-2d620e286838
When one now finishes a web request with PAGE_DONE, the code actively calls
Close(CLT_AFTERWRITE) which one previously had to call explicitly. This means
there is finally a difference between PAGE_DONE and PAGE_DEFERRED. ;)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1981 726aef4b-f618-498e-8847-2d620e286838
Until now, the code checked for <moddir>/www/<mod name> and just used
./modules/www/<mod name> if the other dir didn't exist.
Now we calculate the correct path from the module's shared object's path, which
is the correct thing to do.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1967 726aef4b-f618-498e-8847-2d620e286838
to existing action="post" forms. Right now, we don't have much of a
real protection against CSRF yet, but psychon is working on making
that happen :)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1933 726aef4b-f618-498e-8847-2d620e286838
PrintStaticFile() called ExpandFile() twice if debug output was enabled which
caused it's DEBUG() error messages to be printed twice.
It then called CHTTPSock::PrintFile() to print the actual file. PrintFile()
always sends a result page, no matter if this is an error page or a proper
result page. Thus we should always return PAGE_DONE here, since PAGE_NOTFOUND
was already handled.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1882 726aef4b-f618-498e-8847-2d620e286838
webskins dir, made default the _default_ skin, moved dark-clouds to dark-clouds,
added /skinfiles/ feature to base skins on each other (and not only on default).
Next up: re-adding help texts that got lost during webadmin->webmods transition,
making skins look nice again.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1868 726aef4b-f618-498e-8847-2d620e286838
This function caches its result for not-logged-in users since r1857. With this
commit, it also now works properly for logged-in ones.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1862 726aef4b-f618-498e-8847-2d620e286838
When a module page is requested, m_sModName is set. When then GetSession() tries
to look up its session cookie, it doesn't find it since GetRequestCookie()
actually looks up Mod::<modname>::<cookie name>.
The fix is to look up the global cookie name if the mod one doesnt exist.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1861 726aef4b-f618-498e-8847-2d620e286838
When one sent a basic-auth header, OnLogin() was called with the request's data
which caused a GetSession() call which generated a new session. Sadly, this
session wasn't saved anywhere, so a new one session was generated later when
OnPageRequest() triggered. This could lead to a NULL pointer dereference.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1857 726aef4b-f618-498e-8847-2d620e286838
To achieve that, split internal cookie jar into a jar for received cookies
and one for cookies that are to be sent with the response.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1840 726aef4b-f618-498e-8847-2d620e286838
When e.g. imapauth started handling a login from WebMods it opened a new TCP
connection etc. This took time, but WebMods didn't actually wait for the login
to finish which caused the login to fail later on since the HTTP socket was
already destroyed.
This fixes it by letting the HTTP sock just hang. Once the login finishes,
CHTTPSock::Redirect() is called to let it come back to life again.
Thanks to DarthGandalf for finding this issue.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1834 726aef4b-f618-498e-8847-2d620e286838
Instead of return a bool, this now returns an enum. This explains the meaning of
the returned value better and will be used in the next commit to fix a bug.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1833 726aef4b-f618-498e-8847-2d620e286838
