diff options
| author | Tom Gilbert <tom@linuxbrit.co.uk> | 2005-07-14 22:51:05 +0000 |
|---|---|---|
| committer | Tom Gilbert <tom@linuxbrit.co.uk> | 2005-07-14 22:51:05 +0000 |
| commit | a00f2d697f4dc87a5568ebdd4946385ce51d9ba7 (patch) | |
| tree | 19dfc2b0bd5973693b3eaea714da1cd808999dbe | |
| parent | 2a1834f5bc0a3f3543033e8fe4ddecdb041627f5 (diff) | |
Rudolf Polzer pointed out (a while ago, I forgot to apply this fix) an issue
with rbot's string handling. Most ircds are pretty liberal about lines
ending in various combinations of \r, \n, etc.
We need to be careful about strings we pass to the ircd that may have come
from users/untrusted sources (such as the output of the wserver plugin), and
sanitize their line endings so that raw commands can't be sneaked through to
the ircd.
| -rw-r--r-- | rbot/ircbot.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rbot/ircbot.rb b/rbot/ircbot.rb index 26f3f8bb..5c72e40b 100644 --- a/rbot/ircbot.rb +++ b/rbot/ircbot.rb @@ -331,7 +331,7 @@ class IrcBot # say something (PRIVMSG) to channel/nick +where+ def say(where, message) - message.to_s.each_line { |line| + message.to_s.gsub(/[\r\n]+/, "\n").each_line { |line| line.chomp! next unless(line.length > 0) unless((where =~ /^#/) && (@channels.has_key?(where) && @channels[where].quiet)) |