act = :act
elsif rex.sub!(/^(?:cmd|command):/,'')
act = :cmd
+ elsif rex.sub!(/^ruby:/,'')
+ act = :ruby
end
@replies << Reply.new(self, act, rex, *args)
make_ranges
"If prefixed by 'act:' (e.g. act:/(order|command)s/) the bot will only respond if a CTCP ACTION matches the trigger"
when :reply, :replies
"reaction replies are simply messages that the bot will reply when a trigger is matched. " +
- "Replies can be prefixed by 'act:' (e.g. act:goes shopping) to signify that the bot should act instead of saying the message. " +
- "Replies can be prefixed by 'cmd:' or 'command:' (e.g. cmd:lart %{who}) to issue a command to the bot. " +
- "Replies can use the %{key} syntax to access one of the following keys: " +
- "who (the user that said the trigger), bot (the bot's own nick), " +
- "target (the first word following the trigger), what (whatever follows target), " +
+ "Replies prefixed by 'act:' (e.g. act:goes shopping) signify that the bot should act instead of saying the message. " +
+ "Replies prefixed by 'cmd:' or 'command:' (e.g. cmd:lart %{who}) issue a command to the bot. " +
+ "Replies can use the %{key} syntax to access the following keys: " +
+ "who (user that said the trigger), bot (bot's own nick), " +
+ "target (first word following the trigger), what (whatever follows target), " +
"before (everything that precedes the trigger), after, (everything that follows the trigger), " +
- "match (the actual matched text), match1, match2, ... (the i-th capture)"
+ "match (matched text), match1, match2, ... (the i-th capture). " +
+ "Replies prefixed by 'ruby:' (e.g. ruby:m.reply 'Hello ' + subs[:who]) are interpreted as ruby code. " +
+ "No %{key} substitution is done in this case, use the subs hash in the code instead. " +
+ "Be warned that creating ruby replies can open unexpected security holes in the bot."
when :list
"reaction list [n]: lists the n-the page of programmed reactions (30 reactions are listed per page)"
when :show
def unreplied(m)
return unless PrivMessage === m
- debug "testing #{m} for reactions"
+ debug "testing #{m.inspect} for reactions"
return if @reactions.empty?
candidates = @reactions.map { |react|
blob = react === m
return unless reply
act, arg = reply.apply(subs)
case act
+ when :ruby
+ begin
+ # no substitutions for ruby code
+ eval(reply.reply)
+ rescue Exception => e
+ error e
+ end
when :cmd
begin
# Pass the new message back to the bot.
}
end
+ def can_add?(m, reaction)
+ return true if reaction.act == :reply
+ return true if reaction.act == :act
+ return true if reaction.act == :ruby and @bot.auth.permit?(m.source, "reaction::react::ruby", m.channel)
+ return true if reaction.act == :cmd and @bot.auth.permit?(m.source, "reaction::react::cmd", m.channel)
+ return false
+ end
+
def handle_add(m, params)
trigger = params[:trigger].to_s
reply = params[:reply].to_s
pct = pct.to_f.clip(0,1)
end
+ new_reaction = false
+
reaction = find_reaction(trigger)
if not reaction
reaction = Reaction.new(trigger)
@reactions << reaction
- m.reply "Ok, I'll start reacting to #{reaction.raw_trigger}"
+ new_reaction = true
end
+
found = reaction.find_reply(reply)
if found
- found.pct = pct
- found.author = m.sourcenick
- found.date = Time.now
- found.channel = m.channel
+ # ruby replies need special permission
+ if can_add?(m, found)
+ found.pct = pct
+ found.author = m.sourcenick
+ found.date = Time.now
+ found.channel = m.channel
+ else
+ m.reply _("Sorry, you're not allowed to change %{act} replies here") % {
+ :act => found.act
+ }
+ return
+ end
else
found = reaction.add_reply(reply, pct, m.sourcenick, Time.now, m.channel)
+ unless can_add?(m, found)
+ m.reply _("Sorry, you're not allowed to add %{act} replies here") % {
+ :act => found.act
+ }
+ reaction.rm_reply(reaction.replies.length)
+ if new_reaction
+ @reactions.delete(reaction)
+ end
+ return
+ end
+ end
+
+ if new_reaction
+ m.reply "Ok, I'll start reacting to #{reaction.raw_trigger}"
end
m.reply "I'll react to #{reaction.raw_trigger} with #{reaction.raw_replies.last} (#{(reaction.replies.last.pct * 100).to_i}%)"
end
plugin.map plugin.add_syntax, :action => 'handle_add',
:requirements => { :trigger => plugin.trigger_syntax }
+# ruby reactions are security holes, so give stricter permission
+plugin.default_auth('react::ruby', false)
+# cmd reactions can be security holes too
+plugin.default_auth('react::cmd', false)
+
plugin.map 'reaction list [:page]', :action => 'handle_list',
:requirements => { :page => /^\d+$/ }
projects / user / henk / code / ruby / rbot.git / blobdiff