Anope IRC Services

Anope Support => 2.0.x/1.9.x Support => Topic started by: Swampy on November 30, 2011, 06:01:00 PM

Title: Fantasy Commands Issue in 1.9.x Branch
Post by: Swampy on November 30, 2011, 06:01:00 PM

I've noticed a worrying problem, is that if you register a channel and join ChanServ into it, and type !drop the channel will be dropped, which is very bad (just imagine a nutter for sake, typing !drop this would make your channels revert to unregistered and you'd have to go through the registration process all over again.

This to me can be easily fixed, if you had another config option  ProhibitedFantasyCommands "DROP REGISTER" where users could stop certain fantasy commands working on the channel.

By definition, any Channel Registration/Drop commands should never be allowed as Fantasy for the very reason they could be typed and irreversible action can take place.

This could also be applied to !TOPIC as well, as that would wipe out the channel topic in the blink of an eye.

Please consider adding this change, Thanks.

Title: Re: Fantasy Commands Issue in 1.9.x Branch
Post by: katsklaw on December 02, 2011, 05:18:53 PM

The !drop fantasy cmd goes through the same checks (or should) as the /cs drop command does and thus channels can only be dropped, regardless of cmd typed, by those with authority to do so in the first place so there is nothing "very bad" about it. In your example, someone typing: /cs drop #Channel would also have to re-register. Users that don't have permission to drop will still get "permission denied".

There really isn't any security breach by typing !pubcmd except by those foolish enough to identify with a !pubcmd. In this case !identify shouldn't even exist. That said, imvho, there is no need to restrict/disable !pubcmds on an individual cmd basis.

Additionally, typing: !topic or even /topic #channel does not (or shouldn't) wipe out the topic, it returns the topic and when/who set it. This is per RFC1459. At worst the !topic cmd should require a parameter.

Code: [Select]

.:11:21:. -> Server: topic #Litter.Box
.:11:21:. * Topic is 'blah'
.:11:21:. * Set by katsklaw on Fri Dec 02 11:21:11
Please refer to: http://tools.ietf.org/html/rfc1459#section-4.2.4

Title: Re: Fantasy Commands Issue in 1.9.x Branch
Post by: Jan Milants on December 02, 2011, 09:06:50 PM

the /cs TOPIC command is not the same as the /topic cmd.. without a parameter it has always been used to clear the channel topic.. basically it s setting an empty topic.

I guess that s the disadvantage of directly mapping all /cs commands to fantasy cmds.. some may need a little bit of getting used to.with bs_f_ext for 1.8 I made !topic show the topic when given no parameter, but that meant I had to introduce !ctopic to actually clear the topic.. I guess that this is a consequence of 1.8 requiring a separate implementation which sucks big and 1.9 mapping ! to /cs #chan literally...