From 3cf993500544c2157992650da2487bfa89be405d Mon Sep 17 00:00:00 2001
From: Daniel De Graaf <danieldg@inspircd.org>
Date: Fri, 2 Apr 2010 10:39:15 -0500
Subject: Use FindNickOnly in a few commands to prevent enumerating users via
 UID walking

---
 src/commands/cmd_kick.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/commands/cmd_kick.cpp')

diff --git a/src/commands/cmd_kick.cpp b/src/commands/cmd_kick.cpp
index 39e2c4433..ab346d395 100644
--- a/src/commands/cmd_kick.cpp
+++ b/src/commands/cmd_kick.cpp
@@ -40,11 +40,16 @@ CmdResult CommandKick::Handle (const std::vector<std::string>& parameters, User
 {
 	std::string reason;
 	Channel* c = ServerInstance->FindChan(parameters[0]);
-	User* u = ServerInstance->FindNick(parameters[1]);
+	User* u;
 
 	if (ServerInstance->Parser->LoopCall(user, this, parameters, 1))
 		return CMD_SUCCESS;
 
+	if (IS_LOCAL(user))
+		u = ServerInstance->FindNickOnly(parameters[1]);
+	else
+		u = ServerInstance->FindNick(parameters[1]);
+
 	if (!u || !c)
 	{
 		user->WriteServ( "401 %s %s :No such nick/channel", user->nick.c_str(), u ? parameters[0].c_str() : parameters[1].c_str());
-- 
cgit v1.2.3