Permalink
Browse files

Merge pull request #512 from Nothing4You/fix-another-controlpanel-bin…

…dhost-issue

Fix *controlpanel not checking whether the bindhost is in the whitelist
  • Loading branch information...
2 parents 2cfc6ce + e77edb4 commit 73bc8d59594e6332d9c65689fe183eb54111fb51 @DarthGandalf DarthGandalf committed Mar 20, 2014
Showing with 46 additions and 0 deletions.
  1. +46 −0 modules/controlpanel.cpp
View
@@ -248,6 +248,29 @@ class CAdminMod : public CModule {
}
else if (sVar == "bindhost") {
if(!pUser->DenySetBindHost() || m_pUser->IsAdmin()) {
+ if (sValue.Equals(m_pUser->GetBindHost())) {
+ PutModule("This bind host is already set!");
+ return;
+ }
+
+ const VCString& vsHosts = CZNC::Get().GetBindHosts();
+ if (!m_pUser->IsAdmin() && !vsHosts.empty()) {
+ VCString::const_iterator it;
+ bool bFound = false;
+
+ for (it = vsHosts.begin(); it != vsHosts.end(); ++it) {
+ if (sValue.Equals(*it)) {
+ bFound = true;
+ break;
+ }
+ }
+
+ if (!bFound) {
+ PutModule("You may not use this bind host. See /msg " + m_pUser->GetStatusPrefix() + "status ListBindHosts for a list");
+ return;
+ }
+ }
+
pUser->SetBindHost(sValue);
PutModule("BindHost = " + sValue);
} else {
@@ -479,6 +502,29 @@ class CAdminMod : public CModule {
PutModule("RealName = " + pNetwork->GetRealName());
} else if (sVar.Equals("bindhost")) {
if(!pUser->DenySetBindHost() || m_pUser->IsAdmin()) {
+ if (sValue.Equals(pNetwork->GetBindHost())) {
+ PutModule("This bind host is already set!");
+ return;
+ }
+
+ const VCString& vsHosts = CZNC::Get().GetBindHosts();
+ if (!m_pUser->IsAdmin() && !vsHosts.empty()) {
+ VCString::const_iterator it;
+ bool bFound = false;
+
+ for (it = vsHosts.begin(); it != vsHosts.end(); ++it) {
+ if (sValue.Equals(*it)) {
+ bFound = true;
+ break;
+ }
+ }
+
+ if (!bFound) {
+ PutModule("You may not use this bind host. See /msg " + m_pUser->GetStatusPrefix() + "status ListBindHosts for a list");
+ return;
+ }
+ }
+
pNetwork->SetBindHost(sValue);
PutModule("BindHost = " + sValue);
} else {

0 comments on commit 73bc8d5

Please sign in to comment.