q3k
/
mun
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security: notifications: fix irc command injection

master
q3k 2020-03-20 15:53:42 +01:00
parent 8c93d4da9a
commit 59a6faa1a3
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/notifications.lua
View File

@ -26,14 +26,12 @@ local CheckNotifications = function()
end
local Notification = json.decode.decode(Data)
local Line = ""
if Notification['Notice'] ~= nil then
Line = "NOTICE " .. Notification['Receiver'] .. " :" .. Notification['Message']
else
Line = "PRIVMSG " .. Notification['Receiver'] .. " :" .. Notification['Message']
end
print("Sending notification: " .. Line)
irc:_Send(Line)
if Notification['Notice'] ~= nil then
irc:Notice(Notification['Receiver'], Notification['Message'])
else
irc:Say(Notification['Receiver'], Notification['Message'])
end
Redis:lrem('notifications:processing', -1, Data)
end
Redis:quit()
@ -48,7 +46,7 @@ plugin.AddHook('ReactorTick', 'notifications', function()
if irc == nil then
return
end
if LastGlobalChecked + 5 < os.time() then
if LastGlobalChecked + 1 < os.time() then
LastGlobalChecked = os.time()
pcall(function()
CheckNotifications(irc)