From 41a7bddffcdaf79ce8be511827e19e92820b8f09 Mon Sep 17 00:00:00 2001
From: Kevin Xiwei Zheng <blankplacement+omnipresence@gmail.com>
Date: Sat, 8 Aug 2015 15:41:02 -0400
Subject: [PATCH] more: Disallow reading from other users' PM buffers

---
 omnipresence/plugins/more/__init__.py  | 10 ++++++----
 omnipresence/plugins/more/test_more.py | 11 +++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/omnipresence/plugins/more/__init__.py b/omnipresence/plugins/more/__init__.py
index d157ec1..c43506b 100644
--- a/omnipresence/plugins/more/__init__.py
+++ b/omnipresence/plugins/more/__init__.py
@@ -6,7 +6,7 @@
 from itertools import tee
 
 from ...message import collapse
-from ...plugin import EventPlugin
+from ...plugin import EventPlugin, UserVisibleError
 from ...settings import PRIVATE_CHANNEL
 
 
@@ -14,11 +14,13 @@ class Default(EventPlugin):
     def on_command(self, msg):
         venue = PRIVATE_CHANNEL if msg.private else msg.venue
         source = msg.content or msg.actor.nick
-        buf = msg.connection.message_buffers[venue].get(source, [])
-        if not buf:
-            return 'No text in buffer.'
+        buf = (msg.connection.message_buffers[venue].get(source, []) or
+               'No text in buffer.')
         if msg.connection.case_mapping.equates(source, msg.actor.nick):
             return buf
+        if msg.private:
+            raise UserVisibleError("You cannot read another user's "
+                                   "private reply buffer.")
         if isinstance(buf, Sequence):
             return buf[:]
         # Assume an iterator.  The original iterator can no longer be
diff --git a/omnipresence/plugins/more/test_more.py b/omnipresence/plugins/more/test_more.py
index 0ba8743..fc81c9a 100644
--- a/omnipresence/plugins/more/test_more.py
+++ b/omnipresence/plugins/more/test_more.py
@@ -5,6 +5,7 @@
 from itertools import count, imap
 
 from ...message import Message, collapse
+from ...settings import PRIVATE_CHANNEL
 from ...test.helpers import AbstractCommandTestCase, OutgoingPlugin
 
 from . import Default
@@ -59,3 +60,13 @@ def test_other_buffer_iterator(self):
         self.assert_reply('', '1', actor='party3')
         self.assert_reply('party3', '2')
         self.assert_reply('', '2', actor='party3')
+
+    def test_other_buffer_private(self):
+        private_buffers = self.connection.message_buffers[PRIVATE_CHANNEL]
+        private_buffers[self.other_user.nick] = ['hello world']
+        private_buffers['party3'] = ['lorem ipsum dolor sit amet']
+        self.assert_reply(
+            'party3',
+            "You cannot read another user's private reply buffer.",
+            venue=self.connection.nickname)
+        self.assert_reply('', 'hello world', venue=self.connection.nickname)