q3k
/
mun
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security: fix irc:{Say,Notice} target command injection, again

master
q3k 2020-03-20 15:59:14 +01:00
parent 59a6faa1a3
commit 6a74b2961b
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
core/irc.lua
View File

@ -142,7 +142,7 @@ function irc:LoginUser(username, realname)
end
function irc:Say(target, message)
local Target = target:gmatch("[^\r\n]+")()
local Target = target:gmatch("[^\a\r\n: ]+")()
for Line in message:gmatch("[^\r\n]+") do
print(' --> PRIVMSG ' .. Target .. ' :' .. Line)
self:_Send('PRIVMSG ' .. Target .. ' :' .. Line)
@ -150,7 +150,7 @@ function irc:Say(target, message)
end
function irc:Notice(target, message)
local Target = target:gmatch("[^\r\n]+")()
local Target = target:gmatch("[^\a\r\n: ]+")()
for Line in message:gmatch("[^\r\n]+") do
print(' --> NOTICE ' .. Target .. ' :' .. Line)
self:_Send('NOTICE ' .. Target .. ' :' .. Line)