Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fix *controlpanel not checking whether the bindhost is in the whitelist

  • Loading branch information...
commit e77edb409eeaeea428342559d0d34a5a33894150 1 parent 2cfc6ce
@Nothing4You Nothing4You authored
Showing with 46 additions and 0 deletions.
  1. +46 −0 modules/controlpanel.cpp
View
46 modules/controlpanel.cpp
@@ -248,6 +248,29 @@ class CAdminMod : public CModule {
}
else if (sVar == "bindhost") {
if(!pUser->DenySetBindHost() || m_pUser->IsAdmin()) {
+ if (sValue.Equals(m_pUser->GetBindHost())) {
+ PutModule("This bind host is already set!");
+ return;
+ }
+
+ const VCString& vsHosts = CZNC::Get().GetBindHosts();
+ if (!m_pUser->IsAdmin() && !vsHosts.empty()) {
+ VCString::const_iterator it;
+ bool bFound = false;
+
+ for (it = vsHosts.begin(); it != vsHosts.end(); ++it) {
+ if (sValue.Equals(*it)) {
+ bFound = true;
+ break;
+ }
+ }
+
+ if (!bFound) {
+ PutModule("You may not use this bind host. See /msg " + m_pUser->GetStatusPrefix() + "status ListBindHosts for a list");
+ return;
+ }
+ }
+
pUser->SetBindHost(sValue);
PutModule("BindHost = " + sValue);
} else {
@@ -479,6 +502,29 @@ class CAdminMod : public CModule {
PutModule("RealName = " + pNetwork->GetRealName());
} else if (sVar.Equals("bindhost")) {
if(!pUser->DenySetBindHost() || m_pUser->IsAdmin()) {
+ if (sValue.Equals(pNetwork->GetBindHost())) {
+ PutModule("This bind host is already set!");
+ return;
+ }
+
+ const VCString& vsHosts = CZNC::Get().GetBindHosts();
+ if (!m_pUser->IsAdmin() && !vsHosts.empty()) {
+ VCString::const_iterator it;
+ bool bFound = false;
+
+ for (it = vsHosts.begin(); it != vsHosts.end(); ++it) {
+ if (sValue.Equals(*it)) {
+ bFound = true;
+ break;
+ }
+ }
+
+ if (!bFound) {
+ PutModule("You may not use this bind host. See /msg " + m_pUser->GetStatusPrefix() + "status ListBindHosts for a list");
+ return;
+ }
+ }
+
pNetwork->SetBindHost(sValue);
PutModule("BindHost = " + sValue);
} else {
Please sign in to comment.
Something went wrong with that request. Please try again.