There was a bug in webadmin which allowed any user to write arbitrary strings
to znc.conf by setting e.g. their quit message to:

Some quit message
Admin = true
LoadModule = shell
</User>
ISpoofFile = /home/<user>/.ssh/authorited_keys
ISpoofFormat = <some ssh key>
<User a>

(The newlines must be sent as newlines to webadmin)

This commit fixes this by stripping all newlines from all the data fields
by default. Since some fields (e.g. CTCPReplies and Servers) do need newlines,
there is a new function CHTTPSock::GetRawParam() which doesn't do the stripping.
Thanks to cnu for finding and reporting this bug.
Thanks to kroimon for patch review.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1395 726aef4b-f618-498e-8847-2d620e286838
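The strip-by-default accessor with a raw opt-in described in the commit message above, as an added C++ example that is not ZNC's code: `ParamStore`, `ConfigLine`, `CountLines` and `LinesWritten` are hypothetical names, the `Key = Value` line format is an assumption, and the input is constructed.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical stand-in for an HTTP form-parameter store; not ZNC's CHTTPSock.
class ParamStore {
public:
    void Set(const std::string& name, const std::string& value) { params_[name] = value; }

    // Default accessor: CR and LF are removed, so a value can never span
    // more than one line of a line-oriented config file.
    std::string GetParam(const std::string& name) const {
        std::string out;
        for (char c : GetRawParam(name))
            if (c != '\r' && c != '\n') out += c;
        return out;
    }

    // Opt-in accessor for fields that are legitimately multi-line.
    // Callers must split and validate each line themselves.
    std::string GetRawParam(const std::string& name) const {
        auto it = params_.find(name);
        return it == params_.end() ? std::string() : it->second;
    }

private:
    std::map<std::string, std::string> params_;
};

// Serialize one "Key = Value" config line (assumed format for this sketch).
std::string ConfigLine(const std::string& key, const std::string& value) {
    return key + " = " + value + "\n";
}

// Count lines in serialized output; one setting must produce exactly one line.
int CountLines(const std::string& text) {
    int n = 0;
    for (char c : text) if (c == '\n') ++n;
    return n;
}

// Constructed input: a quit message with an embedded newline and a second directive.
int LinesWritten(bool raw) {
    ParamStore p;
    p.Set("quitmsg", "Some quit message\r\nAdmin = true");
    return CountLines(ConfigLine("QuitMsg", raw ? p.GetRawParam("quitmsg") : p.GetParam("quitmsg")));
}
int main() { std::cout << LinesWritten(false) << " vs " << LinesWritten(true) << "\n"; }
```

A line count above one for a single-valued setting is a cheap regression check for any code path that switches to the raw accessor.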
This limits the max file size to 16 MiB and makes the read loop stop after
it has read as many bytes as GetSize() said the file is long. This fixes
an endless loop when trying to transfer endless files like /dev/zero.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1374 726aef4b-f618-498e-8847-2d620e286838
If such a file is served (e.g. webadmin images) an ETag header is now generated.
When the browser needs the file again it sends the ETag back to us in an
If-None-Match header and the file isn't transferred again if the ETag still
matches. This should greatly reduce webadmin's traffic usage.
This also updates HTTPSock to sometimes generate an HTTP/1.1 reply
(ETag was added in HTTP/1.1).
This was successfully tested with Firefox 2 & 3 and IE7.
Konqueror failed badly (No If-None-Match header generated).
Thanks to flakes for having the idea, writing the patch and testing it.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1248 726aef4b-f618-498e-8847-2d620e286838
CSocket caches the data read from a socket and then looks for lines in there.
If there is no line end, this buffer can grow quite large. This patch now
closes sockets if they get a huge read buffer.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1233 726aef4b-f618-498e-8847-2d620e286838
Those functions were not modified. Only change is the name.
Those *Dir() functions really made no sense in CUtils when there is FileUtils
stuff. They really fit much better into here. I'll bet they'll make new friends
fast. I mean, why shouldn't they?
Uhm... sorry ;)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1044 726aef4b-f618-498e-8847-2d620e286838