So far this is not integrated with ClientCommand.cpp or webadmin.cpp, so
the only way to actually use this is to hand-editing the config with a
<Listener> section like the following:
<Listener 42>
Path = /tmp/listen
SSL = false
</Listener>
So far this received only very basic testing. I did not even test SSL support.
Signed-off-by: Uli Schlachter <psychon@znc.in>
This splits up CListener into a TCP-specific class and a general class.
The intention is to later add another class inheriting from CListener
that listens on unix sockets.
Signed-off-by: Uli Schlachter <psychon@znc.in>
While not kicking upon disconnect can cause desync with client and other
issues, there were multiple complains about the new behavior, and the
user should have the choice.
Revert 2f65dbbc64
Ref #968
Stop hardcoding Russian in webadmin.
Limit the setting in controlpanel to the known languages, because
untrusted language code might lead to some interesting vulnerabilities.
I noticed that the default network flood rates are wrong (for most
networks). It has been very standard since the beginning of IRC to use a
value of 2 seconds per line, with a 10 line head start. Almost all
networks work this way, and if you don't follow, having a lot of
channels or a lot of clients connected to ZNC results in excess flood
disconnections and much frustration for the user.
I think you should make the default value for these 2 and 9 instead of 1
and 4 so that this nasty bug doesn't hit people who will not know how to
debug it. You find these same types of settings built into every IRC
client. 2 and 10 is the standard. 2 and 9 provides a slight buffer so
there is no mistake.
Thanks
-Rubin
Close#1416
This also alters PutClient such that the CMessage variant handles
sending messages, rather than the CString variant. As a side bonus, this
gives callers better information on whether the message was sent to the
client. Additionally, it eliminates the need for a hook to let modules
set the tags sent to a client, as that can now be done inside
OnSendToClientMessage.
Calls to CIRCSock::Quit() eventually result in the object's destructor
being called, which itself calls CIRCSock::Quit() again. Avoid sending
multiple quit messages to the remote server by checking if the
underlying socket is already marked for closing.
Found using UBSan.
Full fix would require adding visibility attribute to CUser,
CIRCNetwork, CModule, CModuleEntry, CModInfo *and* make sure these
attributes are visible to enough code.
The second statement is more difficult to fulfill, because forward
declaration of CUser is not enough, because the attribute is on class
definition. So Modules.h would need to include many other includes.
Probably it should be changed at some point.
See http://stackoverflow.com/questions/27976687/clangs-ubsan-function-pointer-is-this-illegal
Make version checks more strict.
This finishes attempt to preserve ABI between patch versions. That
didn't work well, and the people who could make it work, left the
project already.
Close#1255Close#1274Close#172
Useful for Web APIs and all other kinds of things.
API changes:
- Added public CHTTPSock::GetURI() method
- Added public CModule::ValidateWebRequestCSRFCheck() method
- Made CWebSock::GetCSRFCheck() method public so it can be accessed
from CModule
- Added public CWebSock::ValidateCSRFCheck() method
Other changes:
- Added a Sample Web API module (modules/samplewebapi.cpp) and a
simple web form with no CSRF check.
Implements feature request #1180.
