Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: Fantasy Commands Issue in 1.9.x Branch  (Read 3885 times)

0 Members and 1 Guest are viewing this topic.

Swampy

  • Guest
Fantasy Commands Issue in 1.9.x Branch
« on: November 30, 2011, 06:01:00 PM »

I've noticed a worrying problem, is that if you register a channel and join ChanServ into it, and type !drop the channel will be dropped, which is very bad (just imagine a nutter for sake, typing !drop this would make your channels revert to unregistered and you'd have to go through the registration process all over again.

This to me can be easily fixed, if you had another config option  ProhibitedFantasyCommands "DROP REGISTER" where users could stop certain fantasy commands working on the channel.

By definition, any Channel Registration/Drop commands should never be allowed as Fantasy for the very reason they could be typed and irreversible action can take place.

This could also be applied to !TOPIC as well, as that would wipe out the channel topic in the blink of an eye.

Please consider adding this change, Thanks.
Logged

katsklaw

  • Supporter
  • Anope User
  • Offline Offline
  • Posts: 537
Re: Fantasy Commands Issue in 1.9.x Branch
« Reply #1 on: December 02, 2011, 05:18:53 PM »

The !drop fantasy cmd goes through the same checks (or should) as the /cs drop command does and thus channels can only be dropped, regardless of cmd typed, by those with authority to do so in the first place so there is nothing "very bad" about it. In your example, someone typing: /cs drop #Channel would also have to re-register. Users that don't have permission to drop will still get "permission denied".

There really isn't any security breach by typing !pubcmd except by those foolish enough to identify with a !pubcmd. In this case !identify shouldn't even exist. That said, imvho, there is no need to restrict/disable !pubcmds on an individual cmd basis.

Additionally, typing: !topic or even /topic #channel does not (or shouldn't) wipe out the topic, it returns the topic and when/who set it. This is per RFC1459. At worst the !topic cmd should require a parameter.

Code: [Select]
.:11:21:. -> Server: topic #Litter.Box
.:11:21:. * Topic is 'blah'
.:11:21:. * Set by katsklaw on Fri Dec 02 11:21:11

Please refer to: http://tools.ietf.org/html/rfc1459#section-4.2.4
« Last Edit: December 02, 2011, 05:26:54 PM by katsklaw »
Logged

Jan Milants

  • Team
  • *
  • Offline Offline
  • Gender: Male
  • Posts: 1372
Re: Fantasy Commands Issue in 1.9.x Branch
« Reply #2 on: December 02, 2011, 09:06:50 PM »

the /cs TOPIC command is not the same as the /topic cmd.. without a parameter it has always been used to clear the channel topic.. basically it s setting an empty topic.

I guess that s the disadvantage of directly mapping all /cs commands to fantasy cmds.. some may need a little bit of getting used to.with bs_f_ext for 1.8 I made !topic show the topic when given no parameter, but that meant I had to introduce !ctopic to actually clear the topic.. I guess that this is a consequence of 1.8 requiring a separate implementation which sucks big and 1.9 mapping ! to /cs #chan literally...
Logged
If you like me donate coins to 1FBmZVT4J8WAUMHKqpWhgNVj3XXnRN1cCk :)
Pages: [1]   Go Up