Security Fix: Don't allow non-admins to fsay/fact to a target other than the channel itself

skizzerz 2014-11-27 19:08:47 -06:00
parent eb8ffb9f68
commit 4cdc065d2f


@ -5948,6 +5948,10 @@ def fsay(cli, nick, rest):
pm(cli, nick, "Usage: !fsay <channel> <message>")
return
if rest[0] != botconfig.CHANNEL and (nick not in var.USERS or not is_admin(var.USERS[nick]["cloak"])):
pm(cli, nick, "You do not have permission to message this user/channel")
return
print('[%s] %s fsay %s: %s' %
(time.strftime('%Y-%m-%dT%H:%M:%S%z'), nick, rest[0], rest[1]))
@ -5961,6 +5965,10 @@ def fact(cli, nick, rest):
pm(cli, nick, "Usage: !fact <channel> <message>")
return
if rest[0] != botconfig.CHANNEL and (nick not in var.USERS or not is_admin(var.USERS[nick]["cloak"])):
pm(cli, nick, "You do not have permission to message this user/channel")
return
print('[%s] %s fact %s: %s' %
(time.strftime('%Y-%m-%dT%H:%M:%S%z'), nick, rest[0], rest[1]))
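Review bot: Denied attempts leave no audit trail: in both `fsay` and `fact` the existing `print(...)` log line comes after the new permission guard, so a non-admin who tries another target is answered with a PM but never recorded. Consider logging inside the denial branch before `return`, e.g. `print('[%s] %s fsay %s: denied' % (time.strftime('%Y-%m-%dT%H:%M:%S%z'), nick, rest[0]))`, and the same with `fact` in the second hunk. The guard is also duplicated verbatim in the two functions; a small shared helper taking `nick` and the target would keep the two checks from drifting apart. Both function bodies start and end outside the hunks shown, so how `rest` is split and what follows the log line is not visible here.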