From db0e78c5d2e0998591b274c027fef26e1ac6ce6a Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Wed, 5 Feb 2014 13:49:16 +0000 Subject: Fix various cases of UUID exposure. - Introduce WriteCommand which sends * when the user has not registered. - Switch a ton of code to use WriteCommand instead of WriteServ. - Convert WriteNotice to be a wrapper around WriteCommand. - Only send * when NICK has not been sent instead of before registration. --- include/users.h | 8 +++++++- src/modules/m_cap.cpp | 8 ++++---- src/modules/m_cloaking.cpp | 2 +- src/users.cpp | 8 ++++---- 4 files changed, 16 insertions(+), 10 deletions(-) diff --git a/include/users.h b/include/users.h index 6a61b2bc1..c699ebab7 100644 --- a/include/users.h +++ b/include/users.h @@ -501,10 +501,16 @@ class CoreExport User : public Extensible */ void WriteServ(const char* text, ...) CUSTOM_PRINTF(2, 3); + /** Sends a command to this user. + * @param command The command to be sent. + * @param text The message to send. + */ + void WriteCommand(const char* command, const std::string& text); + /** Sends a server notice to this user. * @param text The contents of the message to send. */ - void WriteNotice(const std::string& text); + void WriteNotice(const std::string& text) { this->WriteCommand("NOTICE", ":" + text); } void WriteNumeric(unsigned int numeric, const char* text, ...) CUSTOM_PRINTF(3, 4); diff --git a/src/modules/m_cap.cpp b/src/modules/m_cap.cpp index 968c304ab..9e074b219 100644 --- a/src/modules/m_cap.cpp +++ b/src/modules/m_cap.cpp @@ -75,13 +75,13 @@ class CommandCAP : public Command if (Data.ack.size() > 0) { std::string AckResult = irc::stringjoiner(Data.ack).GetJoined(); - user->WriteServ("CAP %s ACK :%s", user->nick.c_str(), AckResult.c_str()); + user->WriteCommand("CAP", "ACK :" + AckResult); } if (Data.wanted.size() > 0) { std::string NakResult = irc::stringjoiner(Data.wanted).GetJoined(); - user->WriteServ("CAP %s NAK :%s", user->nick.c_str(), NakResult.c_str()); + user->WriteCommand("CAP", "NAK :" + NakResult); } } else if (subcommand == "END") @@ -96,7 +96,7 @@ class CommandCAP : public Command Data.Send(); std::string Result = irc::stringjoiner(Data.wanted).GetJoined(); - user->WriteServ("CAP %s %s :%s", user->nick.c_str(), subcommand.c_str(), Result.c_str()); + user->WriteCommand("CAP", subcommand + " :" + Result); } else if (subcommand == "CLEAR") { @@ -106,7 +106,7 @@ class CommandCAP : public Command Data.Send(); std::string Result = irc::stringjoiner(Data.ack).GetJoined(); - user->WriteServ("CAP %s ACK :%s", user->nick.c_str(), Result.c_str()); + user->WriteCommand("CAP", "ACK :" + Result); } else { diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index d83786a20..5d62c9cf6 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -301,7 +301,7 @@ class ModuleCloaking : public Module if (u->IsModeSet(cu)) { u->SetMode(cu, false); - u->WriteServ("MODE %s -%c", u->nick.c_str(), cu.GetModeChar()); + u->WriteCommand("MODE", "-" + ConvToStr(cu.GetModeChar())); } } diff --git a/src/users.cpp b/src/users.cpp index 4968c7a37..04d2114dc 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -357,7 +357,7 @@ void User::Oper(OperInfo* info) this->SetMode(opermh, true); this->oper = info; - this->WriteServ("MODE %s :+o", this->nick.c_str()); + this->WriteCommand("MODE", "+o"); FOREACH_MOD(OnOper, (this, info->name)); std::string opername; @@ -863,9 +863,9 @@ void User::WriteServ(const char* text, ...) this->WriteServ(textbuffer); } -void User::WriteNotice(const std::string& text) +void User::WriteCommand(const char* command, const std::string& text) { - this->WriteServ("NOTICE " + (this->registered == REG_ALL ? this->nick : "*") + " :" + text); + this->WriteServ(command + (this->registered & REG_NICK ? " " + this->nick : " *") + " " + text); } void User::WriteNumeric(unsigned int numeric, const char* text, ...) @@ -885,7 +885,7 @@ void User::WriteNumeric(unsigned int numeric, const std::string &text) return; const std::string message = InspIRCd::Format(":%s %03u %s %s", ServerInstance->Config->ServerName.c_str(), - numeric, !this->nick.empty() ? this->nick.c_str() : "*", text.c_str()); + numeric, this->registered & REG_NICK ? this->nick.c_str() : "*", text.c_str()); this->Write(message); } -- cgit v1.2.3