X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=data%2Frbot%2Fplugins%2Freaction.rb;h=879b89fa4735b5286d18afb3f3b17b55d9f9b5d4;hb=6cf365c49ce5fbe24c0a4ff0663550390b501fea;hp=16288030da9eb837b402c25c364bd56a5c45ad2f;hpb=a22c1e21a11f136864577db64f90b0ef557c6ac2;p=user%2Fhenk%2Fcode%2Fruby%2Frbot.git

diff --git a/data/rbot/plugins/reaction.rb b/data/rbot/plugins/reaction.rb
index 16288030..879b89fa 100644
--- a/data/rbot/plugins/reaction.rb
+++ b/data/rbot/plugins/reaction.rb
@@ -69,7 +69,9 @@ class ::Reaction
       @trigger << Regexp.new(rex, true)
     else
       rex.sub!(/^(["'])(.*)\1$/, '\2')
-      @trigger << Regexp.new(/\b#{Regexp.escape(rex)}\b/ui)
+      prepend = ( rex =~ /^\w/ ? '(?:\b)' : '')
+      append = ( rex =~ /\w$/ ? '(?:\b|$)' : '')
+      @trigger << Regexp.new(/#{prepend}#{Regexp.escape(rex)}#{append}/ui)
     end
   end
 
@@ -81,6 +83,8 @@ class ::Reaction
       act = :act
     elsif rex.sub!(/^(?:cmd|command):/,'')
       act = :cmd
+    elsif rex.sub!(/^ruby:/,'')
+      act = :ruby
     end
     @replies << Reply.new(self, act, rex, *args)
     make_ranges
@@ -89,6 +93,7 @@ class ::Reaction
 
   def rm_reply(num)
     @replies.delete_at(num-1)
+    make_ranges
     return @raw_replies.delete_at(num-1)
   end
 
@@ -149,7 +154,7 @@ class ReactionPlugin < Plugin
   # We'd like to use backreferences for the trigger syntax
   # but we can't because it will be merged with the Plugin#map()
   # regexp
-  TRIGGER_SYNTAX = /^(?:act:)?(?:!.*?!|\/.*?\/|".*?"|'.*?')/
+  TRIGGER_SYNTAX = /^(?:act:)?(?:!.*?!|\/.*?\/|".*?"|'.*?'|\S+)/
 
   def add_syntax
     return ADD_SYNTAX
@@ -169,7 +174,7 @@ class ReactionPlugin < Plugin
     super
     if @registry.has_key?(:reactions)
       @reactions = @registry[:reactions]
-      raise unless @reactions
+      raise LoadError, "corrupted reaction database" unless @reactions
     else
       @reactions = []
     end
@@ -201,34 +206,39 @@ class ReactionPlugin < Plugin
       help(:react)
     when :remove, :delete, :rm, :del
       "reaction #{topic} <trigger> [<n>] => removes reactions to expression <trigger>. If <n> (a positive integer) is specified, only remove the n-th reaction, otherwise remove the trigger completely"
+    when :move
+      "reaction move <trigger> to <other> => move all reactions to <trigger> to the new trigger <other>"
     when :chance, :chances
       "reaction chances are expressed either in terms of percentage (like 30%) or in terms of floating point numbers (like 0.3), and are clipped to be " +
       "between 0 and 1 (i.e. 0% and 100%). A reaction can have multiple replies, each with a different chance; if the total of the chances is less than one, " +
       "there is a chance that the trigger will not actually cause a reply. Otherwise, the chances express the relative frequency of the replies."
     when :trigger, :triggers
-      "reaction triggers can have one of the format: single_word 'multiple words' \"multiple words \" /regular_expression/ !regular_expression!. " + 
+      "reaction triggers can have one of the format: single_word 'multiple words' \"multiple words \" /regular_expression/ !regular_expression!. " +
       "If prefixed by 'act:' (e.g. act:/(order|command)s/) the bot will only respond if a CTCP ACTION matches the trigger"
     when :reply, :replies
       "reaction replies are simply messages that the bot will reply when a trigger is matched. " +
-      "Replies can be prefixed by 'act:' (e.g. act:goes shopping) to signify that the bot should act instead of saying the message. " +
-      "Replies can be prefixed by 'cmd:' or 'command:' (e.g. cmd:lart %{who}) to issue a command to the bot. " +
-      "Replies can use the %{key} syntax to access one of the following keys: " +
-      "who (the user that said the trigger), bot (the bot's own nick), " +
-      "target (the first word following the trigger), what (whatever follows target), " +
+      "Replies prefixed by 'act:' (e.g. act:goes shopping) signify that the bot should act instead of saying the message. " +
+      "Replies prefixed by 'cmd:' or 'command:' (e.g. cmd:lart %{who}) issue a command to the bot. " +
+      "Replies can use the %{key} syntax to access the following keys: " +
+      "who (user that said the trigger), bot (bot's own nick), " +
+      "target (first word following the trigger), what (whatever follows target), " +
       "before (everything that precedes the trigger), after, (everything that follows the trigger), " +
-      "match (the actual matched text), match1, match2, ... (the i-th capture)"
+      "match (matched text), match1, match2, ... (the i-th capture). " +
+      "Replies prefixed by 'ruby:' (e.g. ruby:m.reply 'Hello ' + subs[:who]) are interpreted as ruby code. " +
+      "No %{key} substitution is done in this case, use the subs hash in the code instead. " +
+      "Be warned that creating ruby replies can open unexpected security holes in the bot."
     when :list
       "reaction list [n]: lists the n-the page of programmed reactions (30 reactions are listed per page)"
     when :show
       "reaction show <trigger>: list the programmed replies to trigger <trigger>"
     else
-      "reaction topics: add, remove, delete, rm, del, triggers, replies, chance, list, show"
+      "reaction topics: add, remove, delete, rm, del, move, triggers, replies, chance, list, show"
     end
   end
 
   def unreplied(m)
     return unless PrivMessage === m
-    debug "testing #{m} for reactions"
+    debug "testing #{m.inspect} for reactions"
     return if @reactions.empty?
     candidates = @reactions.map { |react|
       blob = react === m
@@ -260,13 +270,28 @@ class ReactionPlugin < Plugin
     reply = wanted.pick_reply
     debug "picked #{reply}"
     return unless reply
-    args = reply.apply(subs)
-    if args[0] == :cmd
-      new_m = PrivMessage.new(@bot, m.server, m.source, m.target, @bot.nick+": "+args[1])
-      @bot.plugins.delegate "listen", new_m
-      @bot.plugins.privmsg(new_m) if new_m.address?
+    act, arg = reply.apply(subs)
+    case act
+    when :ruby
+      begin
+        # no substitutions for ruby code
+        eval(reply.reply)
+      rescue Exception => e
+        error e
+      end
+    when :cmd
+      begin
+        # Pass the new message back to the bot.
+        # FIXME Maybe we should do it the alias way, only calling
+        # @bot.plugins.privmsg() ?
+        fake_message(@bot.nick+": "+arg, :from => m)
+      rescue RecurseTooDeep => e
+        error e
+      end
+    when :reply
+      m.plainreply arg
     else
-      m.__send__(*args)
+      m.__send__(act, arg)
     end
   end
 
@@ -276,6 +301,14 @@ class ReactionPlugin < Plugin
     }
   end
 
+  def can_add?(m, reaction)
+    return true if reaction.act == :reply
+    return true if reaction.act == :act
+    return true if reaction.act == :ruby and @bot.auth.permit?(m.source, "reaction::react::ruby", m.channel)
+    return true if reaction.act == :cmd and @bot.auth.permit?(m.source, "reaction::react::cmd", m.channel)
+    return false
+  end
+
   def handle_add(m, params)
     trigger = params[:trigger].to_s
     reply = params[:reply].to_s
@@ -287,20 +320,45 @@ class ReactionPlugin < Plugin
       pct = pct.to_f.clip(0,1)
     end
 
+    new_reaction = false
+
     reaction = find_reaction(trigger)
     if not reaction
       reaction = Reaction.new(trigger)
       @reactions << reaction
-      m.reply "Ok, I'll start reacting to #{reaction.raw_trigger}"
+      new_reaction = true
     end
+
     found = reaction.find_reply(reply)
     if found
-      found.pct = pct
-      found.author = m.sourcenick
-      found.date = Time.now
-      found.channel = m.channel
+      # ruby replies need special permission
+      if can_add?(m, found)
+        found.pct = pct
+        found.author = m.sourcenick
+        found.date = Time.now
+        found.channel = m.channel
+      else
+        m.reply _("Sorry, you're not allowed to change %{act} replies here") % {
+          :act => found.act
+        }
+        return
+      end
     else
       found = reaction.add_reply(reply, pct, m.sourcenick, Time.now, m.channel)
+      unless can_add?(m, found)
+        m.reply _("Sorry, you're not allowed to add %{act} replies here") % {
+          :act => found.act
+        }
+        reaction.rm_reply(reaction.replies.length)
+        if new_reaction
+          @reactions.delete(reaction)
+        end
+        return
+      end
+    end
+
+    if new_reaction
+      m.reply "Ok, I'll start reacting to #{reaction.raw_trigger}"
     end
     m.reply "I'll react to #{reaction.raw_trigger} with #{reaction.raw_replies.last} (#{(reaction.replies.last.pct * 100).to_i}%)"
   end
@@ -323,7 +381,8 @@ class ReactionPlugin < Plugin
 
   def handle_rm(m, params)
     trigger = params[:trigger].to_s
-    n = params[:n].to_i rescue nil
+    n = params[:n]
+    n = n.to_i if n
     debug trigger.inspect
     found = find_reaction(trigger)
     purged = nil
@@ -388,7 +447,11 @@ plugin = ReactionPlugin.new
 
 plugin.map plugin.add_syntax, :action => 'handle_add',
   :requirements => { :trigger => plugin.trigger_syntax }
-plugin.map plugin.add_syntax.sub('*', ':'), :action => 'handle_add'
+
+# ruby reactions are security holes, so give stricter permission
+plugin.default_auth('react::ruby', false)
+# cmd reactions can be security holes too
+plugin.default_auth('react::cmd', false)
 
 plugin.map 'reaction list [:page]', :action => 'handle_list',
   :requirements => { :page => /^\d+$/ }
@@ -400,8 +463,6 @@ plugin.map plugin.move_syntax, :action => 'handle_move',
     :source => plugin.trigger_syntax,
     :dest => plugin.trigger_syntax
   }
-plugin.map plugin.move_syntax.sub('*', ':'), :action => 'handle_move'
-
 
 plugin.map 'reaction del[ete] *trigger [:n]', :action => 'handle_rm', :auth_path => 'del!',
   :requirements => { :trigger => plugin.trigger_syntax, :n => /^\d+$/ }