From a00f2d697f4dc87a5568ebdd4946385ce51d9ba7 Mon Sep 17 00:00:00 2001
From: Tom Gilbert
Date: Thu, 14 Jul 2005 22:51:05 +0000
Subject: Rudolf Polzer pointed out (a while ago, I forgot to apply this fix) an issue with rbot's string handling. Most ircds are pretty liberal about lines ending in various combinations of \r, \n, etc. We need to be careful about strings we pass to the ircd that may have come from users/untrusted sources (such as the output of the wserver plugin), and sanitize their line endings so that raw commands can't be sneaked through to the ircd.
---
 rbot/ircbot.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rbot/ircbot.rb b/rbot/ircbot.rb
index 26f3f8bb..5c72e40b 100644
--- a/rbot/ircbot.rb
+++ b/rbot/ircbot.rb
@@ -331,7 +331,7 @@ class IrcBot
 # say something (PRIVMSG) to channel/nick +where+
 def say(where, message)
- message.to_s.each_line { |line|
+ message.to_s.gsub(/[\r\n]+/, "\n").each_line { |line|
 line.chomp!
 next unless(line.length > 0)
 unless((where =~ /^#/) && (@channels.has_key?(where) && @channels[where].quiet))
--
cgit v1.2.3
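Review bot: Only `message` is normalised in `say`; the `where` argument is still used as-is, and the quiet-channel test on the last context line uses `/^#/`, which in Ruby matches at the start of any line rather than the start of the string. If `where` can ever come from an untrusted source, a value containing `\r` or `\n` would presumably reach the ircd unchanged in the PRIVMSG built further down (the rest of `say` is outside this hunk, so this is inferred). I would reject such targets at the top of the method, e.g. `return if where.to_s =~ /[\r\n]/`, and anchor the channel test as `where =~ /\A#/`. The same normalisation is probably also wanted on the other outbound paths or, better, once at the point where lines are written to the socket, so that new callers cannot bypass it.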