There was a bug in webadmin which allowed any user to write arbitrary strings
to znc.conf by setting e.g. their quit message to:
Some quit message
Admin = true
LoadModule = shell
</User>
ISpoofFile = /home/<user>/.ssh/authorited_keys
ISpoofFormat = <some ssh key>
<User a>
(The newlines must be sent as newlines to webadmin)
This commit fixes this by stripping all newlines from all the data fields
by default. Since some fields (e.g. CTCPReplies and Servers) do need newlines,
there is a new function CHTTPSock::GetRawParam() which doesn't do the stripping.
Thanks to cnu for finding and reporting this bug.
Thanks to kroimon for patch review.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1395 726aef4b-f618-498e-8847-2d620e286838
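
The fix described in the commit above, sketched as an added example that is not ZNC's own code: the default accessor strips CR/LF so a field value cannot span more than one line of a line-oriented config file, and a separate raw accessor exists for multi-line fields. ParamStore, ConfigLine and CountLines are hypothetical names, and the input is constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <string>

// Hypothetical stand-in for the request parameter store; not ZNC's CHTTPSock.
class ParamStore {
public:
    void Set(const std::string& name, const std::string& value) { m_params[name] = value; }

    // Unfiltered value, for fields that legitimately hold several lines.
    std::string GetRawParam(const std::string& name) const {
        auto it = m_params.find(name);
        return it == m_params.end() ? std::string() : it->second;
    }

    // Default accessor: drops CR and LF so a value cannot span config lines.
    std::string GetParam(const std::string& name) const {
        std::string out;
        for (char c : GetRawParam(name))
            if (c != '\r' && c != '\n') out += c;
        return out;
    }

private:
    std::map<std::string, std::string> m_params;
};

// Serializes one "Key = Value" line of a line-oriented config section.
std::string ConfigLine(const std::string& key, const std::string& value) {
    return key + " = " + value + "\n";
}

// Counts how many config lines a serialized fragment occupies.
std::size_t CountLines(const std::string& s) {
    std::size_t n = 0;
    for (char c : s) if (c == '\n') ++n;
    return n;
}

int main() {
    ParamStore req;
    // Constructed input: a single-line field carrying an embedded newline.
    req.Set("quitmsg", "Some quit message\nAdmin = true");
    std::cout << "raw:      " << CountLines(ConfigLine("QuitMsg", req.GetRawParam("quitmsg"))) << " line(s)\n";
    std::cout << "stripped: " << CountLines(ConfigLine("QuitMsg", req.GetParam("quitmsg"))) << " line(s)\n";
    return 0;
}
```

With the raw value the field occupies two config lines, so the second is parsed as its own directive; with the stripped value it stays on one line as plain text.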
If such a file is served (e.g. webadmin images) an ETag header is now generated.
When the browser needs the file again it sends the ETag back to us in an
If-None-Match header and the file isn't transferred again if the ETag still
matches. This should greatly reduce webadmin's traffic usage.
This also updates HTTPSock to sometimes generate an HTTP/1.1 reply
(ETag was added in HTTP/1.1).
This was successfully tested with Firefox 2 & 3 and IE7.
Konqueror failed badly (No If-None-Match header generated).
Thanks to flakes for having the idea, writing the patch and testing it.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1248 726aef4b-f618-498e-8847-2d620e286838
CSocket caches the data read from a socket and then looks for lines in there.
If there is no line end, this buffer can grow quite large. This patch now
closes sockets if they get a huge read buffer.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1233 726aef4b-f618-498e-8847-2d620e286838
We no longer include Csocket.h in main.h because only a few files actually need
it. (Only HTTPSock.h and Timers.h)
We also clean up some includes in Timers.h. It didn't actually include
the file it needed.
Oh and this also adds a warning to main.h if PATH_MAX is undefined. If this
happens, it is most likely a bug that needs to be addressed. (some missing
includes, I'd guess)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1099 726aef4b-f618-498e-8847-2d620e286838
All the headers are now self-contained (g++ Header.h -o /dev/null).
Some system headers were moved to the .cpp they are actually needed in,
some of our own headers are included less. (Especially MD5.h)
Headers are sorted alphabetically while in e.g. FileUtils.cpp FileUtils.h
is the first file included.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@915 726aef4b-f618-498e-8847-2d620e286838