authorattilamolnar <attilamolnar@hush.com>2012-06-17 17:47:24 +0200
committerattilamolnar <attilamolnar@hush.com>2012-06-17 17:47:24 +0200
commit5eb361b215d99f25a586f7fd71158e22ea410355 (patch)
treec6445f6fa56a928bd8fca77b32068e02f814c194 /src
parent04ce84ce7c817a896d35aba7b8f35b15bda58195 (diff)
m_chanhistory Don't allow durations that contain an invalid char or too long
Diffstat (limited to 'src')
-rw-r--r--src/modules/m_chanhistory.cpp27
1 files changed, 23 insertions, 4 deletions
diff --git a/src/modules/m_chanhistory.cpp b/src/modules/m_chanhistory.cpp
index f6454a622..ac6d80bad 100644
--- a/src/modules/m_chanhistory.cpp
+++ b/src/modules/m_chanhistory.cpp
@@ -37,9 +37,23 @@ struct HistoryList
class HistoryMode : public ModeHandler
{
+ bool IsValidDuration(const std::string duration)
+ {
+ for (std::string::const_iterator i = duration.begin(); i != duration.end(); ++i)
+ {
+ unsigned char c = *i;
+ if (((c >= '0') && (c <= '9')) || (c == 's') || (c != 'S'))
+ continue;
+
+ if (duration_multi[c] == 1)
+ return false;
+ }
+ return true;
+ }
+
public:
SimpleExtItem<HistoryList> ext;
- int maxlines;
+ unsigned int maxlines;
HistoryMode(Module* Creator) : ModeHandler(Creator, "history", 'H', PARAM_SETONLY, MODETYPE_CHANNEL),
ext("history", Creator) { }
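Review bot: The character test in IsValidDuration ends with `(c != 'S')`, which is true for every byte except 'S', so the loop hits `continue` for any other character and the `duration_multi[c]` lookup only ever runs for 'S'. As written the function cannot reject an invalid character, which is what the commit title says it should do, and it may reject a legitimate 'S' suffix instead. The clause presumably should read `if (((c >= '0') && (c <= '9')) || (c == 's') || (c == 'S'))`. `duration_multi` is declared outside this hunk, so the reading of `== 1` as "no multiplier for this character" is an assumption to confirm. Separately, the parameter is copied on every call; `const std::string& duration` would avoid that.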
@@ -50,9 +64,14 @@ class HistoryMode : public ModeHandler
std::string::size_type colon = parameter.find(':');
if (colon == std::string::npos)
return MODEACTION_DENY;
- int len = atoi(parameter.substr(0, colon).c_str());
- int time = ServerInstance->Duration(parameter.substr(colon+1));
- if (len <= 0 || time < 0)
+
+ std::string duration = parameter.substr(colon+1);
+ if ((IS_LOCAL(source)) && ((duration.length() > 10) || (!IsValidDuration(duration))))
+ return MODEACTION_DENY;
+
+ unsigned int len = ConvToInt(parameter.substr(0, colon));
+ int time = ServerInstance->Duration(duration);
+ if (len == 0 || time < 0)
return MODEACTION_DENY;
if (len > maxlines && IS_LOCAL(source))
return MODEACTION_DENY;
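Review bot: Changing `len` to `unsigned int` means a negative line count no longer fails the sanity check: if ConvToInt returns a signed value (its declaration is not in this hunk), an input such as `-1` wraps to a very large number and passes `len == 0`. The `len > maxlines` cap and the new duration checks are both gated on `IS_LOCAL(source)`, so for a non-local source nothing visible here bounds the value, whereas the old `len <= 0` test rejected it for every source. Consider validating the signed result before narrowing, e.g. `long rawlen = ConvToInt(parameter.substr(0, colon));` followed by `if (rawlen <= 0 || time < 0) return MODEACTION_DENY;`, and only then assigning it to the unsigned `len`. The enclosing function starts and ends outside this hunk, so how `len` is consumed afterwards cannot be checked from here.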