relay: add extra forbidden commands in weechat protocol (issue #928)

Commands were already forbidden (option relay.weechat.commands):

- /exec
- /upgrade
- /quit

These extra commands are now forbidden by default:

- /fset
- /set
- /unset
- /plugin
- /script
- /python
- /perl
- /ruby
- /lua
- /tcl
- /guile
- /javascript
- /php
- /secure
flashcode committed Mar 9, 2019
1 parent 2f5aa3b commit dd44c1d
Showing 20 changed files with 76 additions and 73 deletions.
4 changes: 2 additions & 2 deletions doc/de/autogen/user/relay_options.adoc
Expand Up @@ -183,7 +183,7 @@
** Standardwert: `+""+`
* [[option_relay.weechat.commands]] *relay.weechat.commands*
** Beschreibung: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default all commands are allowed except /exec, /upgrade and /quit (which could lead to denial of service or remote code execution if the client is not trusted)]
** Beschreibung: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)]
** Typ: Zeichenkette
** Werte: beliebige Zeichenkette
** Standardwert: `+"*,!exec,!upgrade,!quit"+`
** Standardwert: `+"*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua,!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit"+`
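Review bot: the new default still starts with `*`, so the option remains a deny list and every command not negated in it is accepted from a relay client. The description already warns about clients that are not trusted; it would help to add that for such clients the value can be an explicit list of allowed commands without `*`, rather than relying on the negations being complete.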
4 changes: 2 additions & 2 deletions doc/en/autogen/user/relay_options.adoc
Expand Up @@ -183,7 +183,7 @@
** default value: `+""+`
* [[option_relay.weechat.commands]] *relay.weechat.commands*
** description: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default all commands are allowed except /exec, /upgrade and /quit (which could lead to denial of service or remote code execution if the client is not trusted)]
** description: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)]
** type: string
** values: any string
** default value: `+"*,!exec,!upgrade,!quit"+`
** default value: `+"*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua,!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit"+`
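Review bot: the reworded description says "by default some commands are not allowed" but no longer tells the reader which ones or where to find them, whereas the old text named /exec, /upgrade and /quit. Suggest ending the sentence with a pointer such as "(see the default value)" so the option help stays self-explanatory as the list grows.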
4 changes: 2 additions & 2 deletions doc/fr/autogen/user/relay_options.adoc
Expand Up @@ -183,7 +183,7 @@
** valeur par défaut: `+""+`
* [[option_relay.weechat.commands]] *relay.weechat.commands*
** description: pass:none[liste des commandes autorisées/interdites lorsque qu'une entrée de données (texte ou commande) est reçue du client (séparées par des virgules) ; "*" signifie toutes les commandes, un nom commençant par "!" est une valeur négative pour empêcher une commande d'être exécutée, le caractère joker "*" est autorisé dans les noms ; par défaut toutes les commandes sont autorisées sauf /exec, /upgrade et /quit (ce qui pourrait conduire à un déni de service ou l'exécution de commandes à distance si le client n'est pas sûr)]
** description: pass:none[liste des commandes autorisées/interdites lorsque qu'une entrée de données (texte ou commande) est reçue du client (séparées par des virgules) ; "*" signifie toutes les commandes, un nom commençant par "!" est une valeur négative pour empêcher une commande d'être exécutée, le caractère joker "*" est autorisé dans les noms ; par défaut certaines commandes ne sont pas autorisées (elles pourraient conduire à un déni de service ou l'exécution de commandes à distance si le client n'est pas sûr)]
** type: chaîne
** valeurs: toute chaîne
** valeur par défaut: `+"*,!exec,!upgrade,!quit"+`
** valeur par défaut: `+"*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua,!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit"+`
4 changes: 2 additions & 2 deletions doc/it/autogen/user/relay_options.adoc
Expand Up @@ -183,7 +183,7 @@
** valore predefinito: `+""+`
* [[option_relay.weechat.commands]] *relay.weechat.commands*
** descrizione: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default all commands are allowed except /exec, /upgrade and /quit (which could lead to denial of service or remote code execution if the client is not trusted)]
** descrizione: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)]
** tipo: stringa
** valori: qualsiasi stringa
** valore predefinito: `+"*,!exec,!upgrade,!quit"+`
** valore predefinito: `+"*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua,!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit"+`
4 changes: 2 additions & 2 deletions doc/ja/autogen/user/relay_options.adoc
Expand Up @@ -183,7 +183,7 @@
** デフォルト値: `+""+`
* [[option_relay.weechat.commands]] *relay.weechat.commands*
** 説明: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default all commands are allowed except /exec, /upgrade and /quit (which could lead to denial of service or remote code execution if the client is not trusted)]
** 説明: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)]
** タイプ: 文字列
** 値: 未制約文字列
** デフォルト値: `+"*,!exec,!upgrade,!quit"+`
** デフォルト値: `+"*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua,!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit"+`
4 changes: 2 additions & 2 deletions doc/pl/autogen/user/relay_options.adoc
Expand Up @@ -183,7 +183,7 @@
** domyślna wartość: `+""+`
* [[option_relay.weechat.commands]] *relay.weechat.commands*
** opis: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default all commands are allowed except /exec, /upgrade and /quit (which could lead to denial of service or remote code execution if the client is not trusted)]
** opis: pass:none[comma-separated list of commands allowed/denied when input data (text or command) is received from a client; "*" means any command, a name beginning with "!" is a negative value to prevent a command from being executed, wildcard "*" is allowed in names; by default some commands are not allowed (they could lead to denial of service or remote code execution if the client is not trusted)]
** typ: ciąg
** wartości: dowolny ciąg
** domyślna wartość: `+"*,!exec,!upgrade,!quit"+`
** domyślna wartość: `+"*,!exec,!fset,!set,!unset,!plugin,!script,!python,!perl,!ruby,!lua,!tcl,!guile,!javascript,!php,!secure,!upgrade,!quit"+`
8 changes: 4 additions & 4 deletions po/cs.po
Expand Up @@ -21,7 +21,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: Ondřej Súkup <mimi.vx@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
Expand Down Expand Up @@ -10868,9 +10868,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

#, fuzzy
9 changes: 5 additions & 4 deletions po/de.po
Expand Up @@ -24,7 +24,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 21:25+0100\n"
"Last-Translator: Nils Görs <weechatter@arcor.de>\n"
"Language-Team: German <kde-i18n-de@kde.org>\n"
Expand Down Expand Up @@ -12768,13 +12768,14 @@ msgstr ""
"gesendet wird); keine Zeichenkette = deaktiviert die Zeitanzeige im "
"Verlaufsspeicher"

#, fuzzy
msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""
"durch Kommata getrennte Liste von Befehlen die erlaubt/verboten sind wenn "
"Daten (Text oder Befehl) vom Client empfangen werden; \"*\" bedeutet alle "
Expand Down
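Review bot: the `#, fuzzy` flag above this msgid leaves the German msgstr below it as it was, and gettext skips fuzzy entries when compiling catalogs unless told otherwise, so German users see the English text until the entry is re-translated. Consider updating the msgstr in this commit, as was done for po/fr.po, or asking the translator named in the header to refresh it.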
8 changes: 4 additions & 4 deletions po/es.po
Expand Up @@ -22,7 +22,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
Expand Down Expand Up @@ -11221,9 +11221,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

#, fuzzy
16 changes: 8 additions & 8 deletions po/fr.po
Expand Up @@ -21,8 +21,8 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-03-09 17:51+0100\n"
"Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
"Language: fr\n"
Expand Down Expand Up @@ -12495,17 +12495,17 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""
"liste des commandes autorisées/interdites lorsque qu'une entrée de données "
"(texte ou commande) est reçue du client (séparées par des virgules) ; \"*\" "
"signifie toutes les commandes, un nom commençant par \"!\" est une valeur "
"négative pour empêcher une commande d'être exécutée, le caractère joker \"*"
"\" est autorisé dans les noms ; par défaut toutes les commandes sont "
"autorisées sauf /exec, /upgrade et /quit (ce qui pourrait conduire à un déni "
"de service ou l'exécution de commandes à distance si le client n'est pas sûr)"
"\" est autorisé dans les noms ; par défaut certaines commandes ne sont pas "
"autorisées (elles pourraient conduire à un déni de service ou l'exécution de "
"commandes à distance si le client n'est pas sûr)"

msgid "number of clients for relay"
msgstr "nombre de clients pour le relai"
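Review bot: the French msgstr opens with "lorsque qu'une entrée de données", which should read "lorsqu'une entrée de données"; since this entry is re-translated here anyway, fix it in the same change. The same wording appears in the description in doc/fr/autogen/user/relay_options.adoc.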
8 changes: 4 additions & 4 deletions po/hu.po
Expand Up @@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:18+0100\n"
"Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
Expand Down Expand Up @@ -10227,9 +10227,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

#, fuzzy
8 changes: 4 additions & 4 deletions po/it.po
Expand Up @@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: Esteban I. Ruiz Moreno <exio4.com@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
Expand Down Expand Up @@ -11423,9 +11423,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

#, fuzzy
8 changes: 4 additions & 4 deletions po/ja.po
Expand Up @@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
"Language-Team: Japanese <https://github.com/l/weechat/tree/master/"
Expand Down Expand Up @@ -12043,9 +12043,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

msgid "number of clients for relay"
8 changes: 4 additions & 4 deletions po/pl.po
Expand Up @@ -22,7 +22,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: Krzysztof Korościk <soltys@soltys.info>\n"
"Language-Team: Polish <kde-i18n-doc@kde.org>\n"
Expand Down Expand Up @@ -12227,9 +12227,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

msgid "number of clients for relay"
8 changes: 4 additions & 4 deletions po/pt.po
Expand Up @@ -20,7 +20,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: Vasco Almeida <vascomalmeida@sapo.pt>\n"
"Language-Team: Portuguese <>\n"
Expand Down Expand Up @@ -11883,9 +11883,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

msgid "number of clients for relay"
8 changes: 4 additions & 4 deletions po/pt_BR.po
Expand Up @@ -21,7 +21,7 @@ msgid ""
msgstr ""
"Project-Id-Version: WeeChat\n"
"Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
"POT-Creation-Date: 2019-02-28 20:53+0100\n"
"POT-Creation-Date: 2019-03-09 17:49+0100\n"
"PO-Revision-Date: 2019-02-28 20:53+0100\n"
"Last-Translator: Eduardo Elias <camponez@gmail.com>\n"
"Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
Expand Down Expand Up @@ -10676,9 +10676,9 @@ msgid ""
"comma-separated list of commands allowed/denied when input data (text or "
"command) is received from a client; \"*\" means any command, a name "
"beginning with \"!\" is a negative value to prevent a command from being "
"executed, wildcard \"*\" is allowed in names; by default all commands are "
"allowed except /exec, /upgrade and /quit (which could lead to denial of "
"service or remote code execution if the client is not trusted)"
"executed, wildcard \"*\" is allowed in names; by default some commands are "
"not allowed (they could lead to denial of service or remote code execution "
"if the client is not trusted)"
msgstr ""

#, fuzzy
