security: fix irc:{Say,Notice} target command injection, again
This commit is contained in:
parent
59a6faa1a3
commit
6a74b2961b
1 changed files with 2 additions and 2 deletions
|
@ -142,7 +142,7 @@ function irc:LoginUser(username, realname)
|
|||
end
|
||||
|
||||
function irc:Say(target, message)
|
||||
local Target = target:gmatch("[^\r\n]+")()
|
||||
local Target = target:gmatch("[^\a\r\n: ]+")()
|
||||
for Line in message:gmatch("[^\r\n]+") do
|
||||
print(' --> PRIVMSG ' .. Target .. ' :' .. Line)
|
||||
self:_Send('PRIVMSG ' .. Target .. ' :' .. Line)
|
||||
|
@ -150,7 +150,7 @@ function irc:Say(target, message)
|
|||
end
|
||||
|
||||
function irc:Notice(target, message)
|
||||
local Target = target:gmatch("[^\r\n]+")()
|
||||
local Target = target:gmatch("[^\a\r\n: ]+")()
|
||||
for Line in message:gmatch("[^\r\n]+") do
|
||||
print(' --> NOTICE ' .. Target .. ' :' .. Line)
|
||||
self:_Send('NOTICE ' .. Target .. ' :' .. Line)
|
||||
|
|
Loading…
Reference in a new issue