pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-29 00:26:39 +02:00
Code Activity

Allow escaping brackets in webpanel templates and redirect users to the homepage when their session is not found

Browse Source
This commit is contained in:
Adam
2012-12-15 23:51:25 -05:00
parent 8e3ab0d10b
commit c49f03f985
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/extra/webcpanel/template_fileserver.cpp
+6 -1
View File
@@ -115,9 +115,12 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
Anope::string finished;
bool escaped = false;
for (unsigned j = 0; j < buf.length(); ++j)
{
if (buf[j] == '{')
if (buf[j] == '\\' && j + 1 < buf.length() && (buf[j + 1] == '{' || buf[j + 1] == '}'))
escaped = true;
else if (buf[j] == '{' && !escaped)
{
size_t f = buf.substr(j).find('}');
if (f == Anope::string::npos)
@@ -241,6 +244,8 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
}
else
{
escaped = false;
// If the if stack is empty or we are in a true statement
bool ifok = IfStack.empty() || IfStack.top();
bool forok = ForLoop::Stack.empty() || !ForLoop::Stack.back().finished(r);
modules/extra/webcpanel/webcpanel.h
+2
View File
@@ -88,6 +88,8 @@ class WebPanelProtectedPage : public WebPanelPage
if (!panel || !(na = panel->GetNickFromSession(client, message)))
{
reply.error = HTTP_FOUND;
reply.headers["Location"] = Anope::string("http") + (use_ssl ? "s" : "") + "://" + message.headers["Host"] + "/";
return true; // Access denied
}