Split long messages on \r as well as \n. Plugs a security hole.

Changes

@@ -2,6 +2,7 @@ Revision history for Perl extension POE::Component::IRC.
 
 6.30
     - Proxy.pm: Fix documentation error ('bindaddr' -> 'bindaddress')
+    - IRC.pm: Split long messages on \r as well as \n. Plugs a security hole.
 
 6.28  Sun Mar 14 10:50:43 GMT 2010
     - Use utf8 encoding in all Pod

lib/POE/Component/IRC.pm

@@ -1040,7 +1040,7 @@ sub onlytwoargs {
 sub privandnotice {
     my ($kernel, $state, $to) = @_[KERNEL, STATE, ARG0];
     my $message = join ' ', @_[ARG1 .. $#_];
-    my @messages = split /\n/, $message;
+    my @messages = split /[\n\r]/, $message;
     my $pri = $_[OBJECT]->{IRC_CMDS}->{$state}->[CMD_PRI];
 
     $state =~ s/privmsglo/privmsg/;

t/02_behavior/14_newline.t

@@ -6,7 +6,7 @@ use Socket;
 use POE::Component::IRC::State;
 use POE::Component::IRC::Plugin::AutoJoin;
 use POE::Component::Server::IRC;
-use Test::More tests => 9;
+use Test::More tests => 11;
 
 my $bot1 = POE::Component::IRC::State->spawn(
     Flood        => 1,
@@ -97,6 +97,7 @@ sub irc_join {
 
     $irc->yield(quote => "PRIVMSG $where :one\nPRIVMSG $where :two");
     $irc->yield(privmsg => $where, "foo\nbar");
+    $irc->yield(privmsg => $where, "baz\rquux");
 }
 
 sub irc_public {
@@ -111,6 +112,12 @@ sub irc_public {
     }
     elsif ($heap->{got_msg} == 3) {
         is($msg, 'bar', 'Third message');
+    }
+    elsif ($heap->{got_msg} == 4) {
+        is($msg, 'baz', 'Fourth message');
+    }
+    elsif ($heap->{got_msg} == 5) {
+        is($msg, 'quux', 'Fifth message');
         $bot1->yield('quit');
         $bot2->yield('quit');
     }

xt/perlcriticrc_t

@@ -25,3 +25,4 @@ verbose  = 3
 [-Modules::RequireExplicitPackage]
 [-Modules::RequireFilenameMatchesPackage]
 [-Subroutines::RequireFinalReturn]
+[-ControlStructures::ProhibitCascadingIfElse]