From c49f03f985a4f142d4b050cbe57fc548e88207e4 Mon Sep 17 00:00:00 2001
From: Adam <Adam@anope.org>
Date: Sat, 15 Dec 2012 23:51:25 -0500
Subject: [PATCH] Allow escaping brackets in webpanel templates and redirect
 users to the homepage when their session is not found

---
 modules/extra/webcpanel/template_fileserver.cpp | 7 ++++++-
 modules/extra/webcpanel/webcpanel.h             | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/extra/webcpanel/template_fileserver.cpp b/modules/extra/webcpanel/template_fileserver.cpp
index ca2ff034f..79e583388 100644
--- a/modules/extra/webcpanel/template_fileserver.cpp
+++ b/modules/extra/webcpanel/template_fileserver.cpp
@@ -115,9 +115,12 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
 
 	Anope::string finished;
 
+	bool escaped = false;
 	for (unsigned j = 0; j < buf.length(); ++j)
 	{
-		if (buf[j] == '{')
+		if (buf[j] == '\\' && j + 1 < buf.length() && (buf[j + 1] == '{' || buf[j + 1] == '}'))
+			escaped = true;
+		else if (buf[j] == '{' && !escaped)
 		{
 			size_t f = buf.substr(j).find('}');
 			if (f == Anope::string::npos)
@@ -241,6 +244,8 @@ void TemplateFileServer::Serve(HTTPProvider *server, const Anope::string &page_n
 		}
 		else
 		{
+			escaped = false;
+
 			// If the if stack is empty or we are in a true statement
 			bool ifok = IfStack.empty() || IfStack.top();
 			bool forok = ForLoop::Stack.empty() || !ForLoop::Stack.back().finished(r);
diff --git a/modules/extra/webcpanel/webcpanel.h b/modules/extra/webcpanel/webcpanel.h
index 051bab790..511ecf354 100644
--- a/modules/extra/webcpanel/webcpanel.h
+++ b/modules/extra/webcpanel/webcpanel.h
@@ -88,6 +88,8 @@ class WebPanelProtectedPage : public WebPanelPage
 
 		if (!panel || !(na = panel->GetNickFromSession(client, message)))
 		{
+			reply.error = HTTP_FOUND;
+			reply.headers["Location"] = Anope::string("http") + (use_ssl ? "s" : "") + "://" + message.headers["Host"] + "/";
 			return true; // Access denied
 		}